
Use policy to control ProxySG administrator access


Article ID: 167092



Advanced Secure Gateway Software - ASG; ProxySG Software - SGOS


If you would like to control administrator access to the ProxySG Management Console and CLI, you can create policy to configure administrator access privileges.

Using policy rules, you can require administrators to identify themselves by entering a username and password and specify whether read-only or read-write access is given. You can make this policy contingent on IP address, user name, group membership (if credentials were required), and many other conditions.

This solution assumes you have already configured users and groups for authentication (using RADIUS, LDAP, Microsoft Active Directory, or other authentication servers) and created a realm on the ProxySG to connect to these servers.

These high-level steps provide instructions on creating policy in the Visual Policy Manager (VPM). For a basic introduction to creating policy, see the admin guide:

SGOS Administration Guide (7.1.x)


To create policy for ProxySG administrator access:

  1. Launch the Visual Policy Manager.
  2. Create an Admin Authentication layer (Policy > Add Admin Authentication Layer).
  3. In the Admin Authentication layer, specify the authentication realm that will be used to authenticate administrative users of the ProxySG:
    • Right-click in the Action column and choose Set.
    • Select New > Authenticate.
    • Select the authentication mode and realm. (See ProxySG Authentication Modes.)
    • Close the dialogs.
  4. Create an Admin Access layer (Policy > Add Admin Access Layer).
  5. In the Admin Access layer, define who is allowed to access the ProxySG:
    • Right-click in the Source column and choose Set.
    • Select New.
    • Select the entity (for example, Client IP address/subnet, User, Group) and configure the specifics.
    • Close the dialogs.
  6. Specify the type of administrator read/write access:
    • Right-click the Action column and select Allow Read-only Access or Allow Read/Write Access.
  7. By default, the policy applies to any service (HTTP/HTTPS in the Management Console and SSH in the CLI). If you want to control access to just the Management Console or just the CLI:
    • Right-click in the Service column and choose Set.
    • Select New > Service Name.
    • Select the service you want the rule to apply to (HTTP-Console, HTTPS-Console, or SSH-Console).
    • Close the dialogs.
  8. Install the policy.
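
The kind of Content Policy Language (CPL) that rules like those in steps 2 through 6 correspond to, as an added example that is not part of the original article and is not output copied from VPM. The realm name `corp_ldap`, the subnet, and the group names are placeholders, and the CPL that VPM generates for your own rules may be laid out differently.

```cpl
; Added example: hand-written CPL, not taken from the article or from VPM.
; corp_ldap, 10.10.50.0/24 and both group names are placeholders.

; Admin Authentication layer (steps 2-3):
; challenge every administrative connection against the realm.
<Admin>
  authenticate(corp_ldap)

; Admin Access layer (steps 4-6):
; rules are evaluated top to bottom and the first match applies.
<Admin>
  ; Read/write: members of proxy-admins connecting from the management subnet.
  client.address=10.10.50.0/24 group="proxy-admins" allow

  ; Read-only: auditors match only when the requested access level is READ,
  ; so a request for write access (for example, CLI "enable") does not match.
  client.address=10.10.50.0/24 group="proxy-auditors" admin.access=READ allow
```

Combining the source address with group membership in the same rule means a valid credential alone is not enough to reach the console from outside the management subnet. To compare this against what your own rules produce, VPM can display the CPL it generates (View > Generated CPL).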