Table of Contents
Advertisement
To enable tunnel all mode:
1
Navigate to Users > Local Groups.
2
Click the configure icon next to the group you want to configure.
3
In the Edit Local Group page, select the Nx Routes tab.
4
Select Enable from the Tunnel All Mode drop-down list.
5
Click Accept.
NOTE:
You can optionally tunnel-all Secure Mobile Access client traffic through the NetExtender
connection by entering 0.0.0.0 for the Destination Network and Subnet Mask/Prefix in the Add
Client Routes window.
Adding Group Policies
With group access policies, all traffic is allowed by default. Additional allow and deny policies could be created
by destination address or address range and by service type.
The most specific policy takes precedence over less specific policies. For example, a policy that applies to only
one IP address has priority over a policy that applies to a range of IP addresses. If there are two policies that
apply to a single IP address, then a policy for a specific service (for example RDP) takes precedence over a
policy that applies to all services.
User policies take precedence over group policies and group policies take precedence over global policies,
regardless of the policy definition. A user policy that allows access to all IP addresses takes precedence over a
group policy that denies access to a single IP address.
NOTE:
Within the group policy scheme, the primary group policy is always enforced over any additional
group policies.
To define group access policies:
1
Navigate to Users > Local Groups.
2
Click the configure icon next to the group you want to configure.
3
In the Edit Local Group page, select the Policies tab.
4
On the Policies tab, click Add Policy. The Add Policy screen is displayed.
5
Define a name for the policy in the Policy Name field.
6
In the Apply Policy To drop-down list, select whether the policy is applied to an individual host, a range
of addresses, all addresses, a network object, a server path, or a URL object. You can also select an
individual IPv6 host, a range of IPv6 addresses, or all IPv6 addresses. The Add Policy window changes
depending on what type of object you select in the Apply Policy To drop-down list.
NOTE:
The Secure Mobile Access policies apply to the destination address(es) of the SMA/SRA
connection, not the source address. You cannot permit or block a specific IP address on the
Internet from authenticating to the SMA/SRA gateway through the policy engine. It is possible to
control source logins by IP address from the user's Login Policies page. For more information,
refer to
Configuring Login Policies
on page 380.
Dell SonicWALL Secure Mobile Access 8.5
390
Administration Guide
Advertisement
Chapters
Table of Contents
Troubleshooting
