Configuring Access Control Policy

Last updated: 2024-01-09 14:29:29
    To protect your business, SSL VPN provides a server access control feature that lets you manage access to your SSL VPN servers in a fine-grained manner.
    Note:
    Currently, only SSO authentication-enabled SSL VPN servers support the access control feature. For more information, see SSO Authentication.

    Prerequisites

    You have created a user group, added a user, and granted the application access permission to the user group in the EIAM console.
    You have enabled certificate verification + identity verification and access control for the SSL VPN server in the VPC console.
    Option 1. Enable the feature while creating an SSL VPN server.
    
    
    Option 2. Enable the feature after creating an SSL VPN server.
    
    
    Note:
    If you select Certificate verification as the verification method, the SSL VPN server accepts all client connections by default; that is, any client can connect to it.
    If you enable access control, you need to configure the access policy after the SSL VPN server is created; otherwise, the server will reject all connections.

    Configuring an access control policy

    1. Log in to the VPC console.
    2. Click VPN Connections > SSL VPN server on the left sidebar to enter the management page.
    3. Click the name of the target instance.
    4. On the instance details page, click Access control > Add policy.
    
    5. In the pop-up window, configure an access control policy.
    
    Parameter / Description
    Destination:
        Enter the local IP range, i.e., the IP range for accessing the cloud.
        Note:
        The destination IP range needs to be in the same IP range as the local IP range. If you change the local IP range, you need to modify the destination address of the access control.
    Access permission:
        Specific user group: The access control policy will take effect for the specified user group, and you need to configure the access group ID after selecting this option.
        All users: The access control policy will take effect for all users.
        Note:
        You can choose to configure access policies for specific user groups or all users. Specific user groups can be user groups configured on the [identity verification platform](https://console.tencentcloud.com/eiam).
    Access group ID:
        An access group ID is the ID of a user group in the EIAM application. You can select multiple IDs, and then the access control policy will take effect only for the selected user groups.
    Notes:
        Enter the policy remarks, which are required and make it easier for you to find the policy.
    6. Click OK. After the configuration is complete, the SSL VPN server will accept all connections from users in the user group.
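
The following pre-change check is an added example, not Tencent Cloud code. It reviews a planned policy set against the rules on this page: no policy means the server rejects all connections, the destination must match the local IP range, a specific user group needs an access group ID, and remarks are required. The dictionary layout, the mode names `certificate` and `certificate+identity`, and the sample values are assumptions made for illustration, as is reading "in the same IP range" as "contained in a local IP range".

```python
import ipaddress

def lint_access_control(auth_mode, access_control, local_cidrs, policies):
    """Return findings for a planned SSL VPN server access control setup."""
    if not access_control:
        # Certificate verification alone: any client can connect.
        return ["open: any client can connect"] if auth_mode == "certificate" else []
    findings = []
    if auth_mode != "certificate+identity":
        findings.append("access control needs SSO (certificate + identity verification)")
    if not policies:
        findings.append("lockout: no policy, server rejects all connections")
    local = [ipaddress.ip_network(c) for c in local_cidrs]
    for i, p in enumerate(policies):
        try:
            dest = ipaddress.ip_network(p["destination"])
        except ValueError:
            findings.append(f"policy {i}: invalid destination {p['destination']!r}")
            continue
        # Assumption: "in the same IP range" means contained in a local range.
        if not any(dest.version == n.version and dest.subnet_of(n) for n in local):
            findings.append(f"policy {i}: destination {dest} outside local IP range")
        if p["permission"] == "specific" and not p.get("group_ids"):
            findings.append(f"policy {i}: specific user group without access group ID")
        if not p.get("remarks", "").strip():
            findings.append(f"policy {i}: remarks are required")
    return findings

# Constructed sample data (hypothetical field names and values).
LOCAL = ["10.0.0.0/16"]
POLICIES = [
    {"destination": "10.0.1.0/24", "permission": "specific",
     "group_ids": ["group-id-placeholder"], "remarks": "ops team"},
    {"destination": "192.168.0.0/24", "permission": "all", "remarks": ""},
    {"destination": "10.0.2.0/24", "permission": "specific",
     "group_ids": [], "remarks": "dev team"},
]

if __name__ == "__main__":
    for finding in lint_access_control("certificate+identity", True, LOCAL, POLICIES):
        print(finding)
```

Running the same check again after changing the local IP range shows which policy destinations need to be modified.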

    Deleting an access control policy

    Note:
    After an access control policy is deleted, clients of users in user groups associated with the policy cannot access the SSL VPN server.
    If all access control policies are deleted, the SSL VPN server will reject the access requests from all clients by default. If you want the server to be accessible again, you can configure an access control policy or change the verification method to Certificate verification.
    1. Log in to the VPC console.
    2. Click VPN Connections > SSL VPN server on the left sidebar to enter the management page.
    3. Click the name of the target instance and delete the target policy on the Access control tab.
    Delete multiple policies: Select policies to be deleted in the policy list and click Batch delete.
    Delete one policy: Click Delete in the Operation column of the policy to be deleted.
    4. In the pop-up window, click OK.

    Editing an access control policy

    1. Log in to the VPC console.
    2. Click VPN Connections > SSL VPN server on the left sidebar to enter the management page.
    3. Click the name of the target instance. On the Access control tab, click Edit in the Operation column of the target policy and modify its parameters as needed.
    
    
    4. Click OK.