How-To
News
Help
Forum

Filtering Rules by User, Client, IP, MAC and Gateway

Introduction

By default there are no filtering rules configured for a published resource, therefore it will be available to anyone who is connected to the 2X Remote Application Server. Filtering allows you to control who can and who cannot access the published resource. You can create several filtering rules based on any of the following filtering options:

  • User
  • Client (managed client)
  • IP Address
  • MAC Address
  • Gateway

Once you specify a filtering rule, only those who match the rule can access the published resource.

Creating New Filtering Rules

Filtering Rules can be created from the published resource options by selecting the published resource name and click the Filtering tab.

Filtering Options of a Published Resource

Filtering by User

To allow a specific user, list of users or a group to access the published resource, follow the following procedure:

  1. Select User from the Search Filtering Type drop down menu
  2. Enable the option Allow the following Users
  3. Select if you will be specifying users, groups or both from the Default Object Type drop down menu.
  4. Specify the browsing mode you would like to use to connect to active directory or Windows OS from the Browse Mode drop down menu. The options are:
  1. Secure Identifier: This is the preferred and fastest method. It supports group nesting and renaming.
  2. WinNT: WinNT is faster than LDAP but does not support group nesting. Used only for backward compatibility.
  3. LDAP: LDAP supports group nesting but is slow. Used only for backward compatibility.
  1. Select Add from the Tasks drop down menu to specify the user or group from the Select Users or Groups dialog box
  2. Click OK to add the objects to the list.

Configuring User Based Filtering Rules

To delete an object from the list, select the entry from the list and select Delete from the Tasks drop down menu.

Converting Existing Users to SID

To convert users or groups specified using WinNT or LDAP, select the entry and select Convert from the Tasks drop down menu.

Filtering by Client

To allow a specific client or a list or clients to access the published resource, follow the following procedure:

  1. Select Client from the Search Filtering Type drop down menu
  2. Enable the option Allow the following Clients
  3. Click Add from the Tasks drop down menu and select the client(s) from the Select Client dialog box

Adding Clients to the Filtering Options

  1. Click OK to add the clients to the list.

Configuring Client Based Filtering Rules

To delete a client from the list, highlight the entry from the list and click Delete from the Tasks drop down menu.

Filtering by IP Address

To allow a specific IP or a specific list or range of IP addresses to access the published resource, follow the following procedure:

  1. Select IP Address from the Search Filtering Type drop down menu
  2. Enable the option Allow the following IPs
  3. Click Add from the Tasks drop down of the IPv4/ IPv6 menu to specify the IP Address or a range of IP Addresses and click OK

Configuring an IP or Range of IPs for IP Based Filtering Rules

To modify an existing IP range, highlight the entry name from the list and click Properties. To delete an IP Address or a range of IP Addresses from the list, highlight the entry from the list and click Delete from the Tasks drop down menu.

Configuring IP Based Filtering Rules

Filtering by MAC Address

To allow a MAC address or a specific list of MAC addresses to access the published resource, follow the following procedure:

  1. Select MAC from the Search Filtering Type drop down menu
  2. Enable the option Allow the following MACs
  3. Click Add from the Tasks drop down menu to select the MAC address(es) and click OK

Selecting a MAC Address or Addresses MAC Based Filtering Rules

To delete a MAC address from the list, highlight the MAC address from the list and click Delete from the Tasks drop down menu.

Configuring MAC Based Filtering Rules

Filtering by Gateway

To allow users to connect to a published resource through a specific gateway only, follow the following procedure:

  1. Select Gateway from the Search Filtering Type drop down menu
  2. Enable the option Allow connects through these Gateways
  3. Click Add from the Tasks drop down menu to specify the Gateway and its IP address, if it has multiple IP addresses

Configuring a Gateway and its IP for Gateway Based Filtering Rules

To delete a Gateway from the list highlight the entry from the list and click Delete from the Tasks drop down menu.

Configuring Multiple Filtering Rules

If multiple filtering rules are configured for a specific published resource, the connecting user has to match ALL the configured filtering rules to be allowed access to the published resource.

For example if you configure a user filter rule for user admin and another MAC address filter rule for MAC address AB-CD-12-34-A1-C2, unless the user admin accesses the published resource from a client with the MAC address AB-CD-12-34-A1-C2, the user won’t be allowed access to the published resource.