To Add or Edit a Security Rule

The Security Rule List form displays a list of all Security Rules that you can assign to a user or user group. The list contains four columns:

The name of the rule and, if applicable, the source IPs allowed for this rule.
A brief description of the rule and, if applicable, the interfaces and the date/time allowed for this rule.
States if the rule is “Enabled” or “Disabled”; if applicable, lists all authorized actions for the current rule.
3. From the Security Rule General form, enter the rule name (required), a brief description of the rule, its status (Enabled or Disabled), and the default permission to be applied to the entire rule (Allow or Deny).
1. Click on the “Source IP” tab to configure the conditions for accepting source pages for the current rule.
The default rule (Allow or Deny) that applies to the entire security rule. The default permission is configured from the “General” tabbed form.
This section allows you to define the source IP conditions under which the rule is applied.
The IP address to be added to the Added Source IP Conditions list box.
The netmask to be added to the Added Source IP Conditions list.
Added Source IP Conditions
The starting IP address of a range of IP addresses.
The ending IP address of a range of IP addresses.
Hostname of the workstation. If the domain name is not entered, then the domain name of the APM is used to filter the source.
Domain name from which the workstation will connect. If the workstation belongs to a subdomain and only domain filtering is entered, all subdomains are allowed or denied access based on the rule permission.
Button to add to the conditions list the address, address range, or hostname/domainname you just entered in the IP or Netmask field.
Button to delete a selected IP address, address range, or hostname/domainname from the adjacent Source IP Conditions list box.

Warning! If the domain name server is down or is not configured correctly, users with security rules that have host/domainname filtering with deny permission will still be denied access to the APM because the security rule cannot be verified. If the rule is “Allow,” the rule is ignored and the next “allow” rule is considered.
All successful DNS reverse lookup entries are cached for about 30 minutes, and all unsuccessful DNS reverse lookup entries are cached for about 15 minutes. If a user has a security rule with “deny,” and the DNS lookup of the source was not verified, the user will be denied access to the APM for 15 minutes. In this case, the user must wait for 15 minutes before attempting to sign on to the APM again.
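The behaviour described in the warning and the cache timings above, modelled as an added Python example (not APM code). `ReverseCache`, `evaluate`, `host_matches`, the injected resolver and the `(permission, domain)` rule pairs are hypothetical names, and returning `None` when no rule decides is an assumption, since the page does not say what happens in that case.

```python
import time

POSITIVE_TTL = 30 * 60  # successful reverse lookups: cached about 30 minutes
NEGATIVE_TTL = 15 * 60  # failed reverse lookups: cached about 15 minutes

class ReverseCache:
    """Reverse-DNS cache; resolver(ip) -> hostname or raises OSError (hypothetical)."""
    def __init__(self, resolver, clock=time.monotonic):
        self.resolver, self.clock, self.entries = resolver, clock, {}

    def lookup(self, ip):
        hit = self.entries.get(ip)
        if hit and hit[1] > self.clock():
            return hit[0]  # cached answer, including a cached failure (None)
        try:
            name, ttl = self.resolver(ip).lower().rstrip("."), POSITIVE_TTL
        except OSError:
            name, ttl = None, NEGATIVE_TTL
        self.entries[ip] = (name, self.clock() + ttl)
        return name

def host_matches(name, domain):
    """A domain-only filter covers the domain and all of its subdomains."""
    domain = domain.lower().rstrip(".")
    # Compare on a label boundary so "evilexample.com" never matches "example.com".
    return name == domain or name.endswith("." + domain)

def evaluate(rules, ip, cache):
    """rules: ordered (permission, domain) pairs. Returns 'allow', 'deny' or None."""
    name = cache.lookup(ip)
    for permission, domain in rules:
        if name is None:
            if permission == "deny":
                return "deny"  # unverifiable deny rule: access is denied
            continue           # unverifiable allow rule: ignored, try the next
        if host_matches(name, domain):
            return permission
    return None  # assumption: no host/domain rule decided

if __name__ == "__main__":
    # Constructed scenario: the name server is down for every lookup.
    def dns_down(ip):
        raise OSError("name server unreachable")
    cache = ReverseCache(dns_down)
    print(evaluate([("allow", "example.com")], "192.0.2.10", cache))  # allow rule skipped
    print(evaluate([("deny", "example.com")], "192.0.2.10", cache))   # denied
```

In this model a source whose lookup failed stays denied under a deny rule until the negative cache entry expires, even if the name server recovers sooner.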