NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual
6-10 Group and User Access Policies
v1.0, August 2006
The most specific policy will take precedence over less specific policies. For example, a policy
that applies to only one IP address will have priority over a policy that applies to a range of IP
addresses. If there are two policies that apply to a single IP address, then a policy for a specific
service (for example RDP) will take precedence over a policy that applies to all services.
To define group access policies:
1. Click Add Policy in the Group Policies section of the Group Settings screen. An Add Policy
window will display.
2. From the Apply Policy To pull-down menu, select whether the policy will be applied to a
predefined network resource, an individual host, a range of addresses or all addresses.
3. Define a name for the policy in the Policy Name field.
4. Select the appropriate policy:
Note: User policies take precedence over all group policies and group policies take
precedence over all global policies, regardless of the policy definition (A user
policy that allows access to all IP addresses will take precedence over a group
policy that denies access to a single IP address).
Figure 6-8
Note: SSL VPN Concentrator policies apply to the destination address(es) of the SSL
VPN connection, not the source address. You cannot permit or block a specific
IP address on the Internet from authenticating to the SSL VPN Concentrator
through the policy engine. That type of policy would need to be defined by a
firewall rule.