Policy configuration - how to set multiple source addresses for a rule in policy

Article ID: 166771

Products

ProxySG Software - SGOS

Issue/Introduction

When several client IP addresses should trigger the same policy on the proxy, the addresses can be grouped so that only a single rule is required. This article shows how.

Resolution

There are several methods for configuring a group of addresses, depending on whether you are using the Visual Policy Manager or local/central policy.

In this example, the administrator of this ProxySG needs to allow a list of 5 client IP addresses (10.126.28.252, 10.126.28.248, 10.126.28.240, 10.126.28.243 and 10.126.28.244) to download files with an extension of .msi.

 

Local Policy

In the management console, go to Policy > Policy files.  To the right of 'Install local file from', select text editor from the drop-down menu.  Click Install to access the text editor.  Paste the following Content Policy Language into the text editor:

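<proxy>
; Allow .msi downloads for clients matched by the Development_users subnet definition
ALLOW client.address=Development_users url.extension=msi

; Each client is listed as a /32 host entry
define subnet Development_users
    10.126.28.252/32
    10.126.28.248/32
    10.126.28.240/32
    10.126.28.243/32
    10.126.28.244/32
end subnet Development_users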

 

Visual Policy

  1. In a Web Access Layer, create a new rule.
  2. Right-click the source field and click Set.
  3. Click New and select Combined Source Object.
  4. Click New and select Client IP address/subnet.
  5. Enter the first address into the address field.  There is no need to enter a subnet mask for a single host.
  6. Click Add.
  7. Enter the next address into the address field and click Add.
  8. Continue until all five addresses are entered, then click Close.
  9. Select each address in the list (pressing Ctrl as you click allows you to select multiple addresses at once).
  10. Click the add >> button to move the selection to the box on the top-right.
  11. Click Close, then Close again.
  12. Right-click the Destination field and select Set.
  13. Click New, File Extension.
  14. Click New and enter msi into the field on the page; click Enter.
  15. Click Ok, then Ok again.
  16. Right-click the Action field for this rule and select Allow.
  17. Click Install Policy.

 

Writing local policy with Content Policy Language (CPL) can be somewhat faster than using the Visual Policy Manager.  For more information on creating policies using CPL, see the Content Policy Language Reference for your version of SGOS.
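
For a longer address list, the local policy text can be generated and checked before it is pasted into the text editor. The following Python function is an added example, not part of the original article or any vendor tooling: it validates a list of client addresses and emits the rule and define subnet block in the form shown under Local Policy. The function name, the min_prefix guard and the label and extension checks are assumptions of this example, not ProxySG settings.

```python
import ipaddress
import re

# Constructed sample input: the five client addresses from the article, plus
# one duplicate to exercise the de-duplication path.
SAMPLE = """
10.126.28.252
10.126.28.248
10.126.28.240
10.126.28.243
10.126.28.244
10.126.28.252
"""

def build_subnet_policy(label, entries, extension, min_prefix=24):
    """Return CPL text: one ALLOW rule plus its define subnet block.

    min_prefix is a guard local to this example: entries broader than it are
    rejected, so a typo such as /8 cannot silently widen the ALLOW rule.
    """
    # Conservative character sets (an assumption, narrower than CPL itself) so
    # that nothing in the inputs can add triggers or break the rule line.
    if not re.fullmatch(r"[A-Za-z_][A-Za-z0-9_]*", label):
        raise ValueError(f"unsafe subnet label: {label!r}")
    if not re.fullmatch(r"[A-Za-z0-9]+", extension):
        raise ValueError(f"unsafe file extension: {extension!r}")
    nets = []
    for raw in entries:
        raw = raw.strip()
        if not raw:
            continue
        # strict=True rejects host bits set in a subnet, e.g. 10.126.28.252/24
        net = ipaddress.IPv4Network(raw, strict=True)
        if net.prefixlen < min_prefix:
            raise ValueError(f"{net} is broader than /{min_prefix}")
        if net not in nets:
            nets.append(net)
    if not nets:
        raise ValueError("no addresses supplied")
    lines = ["<proxy>",
             f"ALLOW client.address={label} url.extension={extension}",
             "",
             f"define subnet {label}"]
    lines += [f"    {net}" for net in nets]  # single hosts render as a.b.c.d/32
    lines.append(f"end subnet {label}")
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    print(build_subnet_policy("Development_users", SAMPLE.splitlines(), "msi"))
```
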