Configuring Access Rules

Configuring Access Rules

The Access Rules page on the ISA web portal allows administrators to define rules to  allow or deny remote user access to corporate resources.  referenced in access rules. The following types of access rules can be created:

  1. Allow or deny access to an application or application group from one or more users. The application group must be pre-defined on the Application Group page. The application must be defined within the access rule by specifying an IP address or network with one or more port numbers separated by commas.
  1. Allow or deny access to an application or application group from one or more user groups.  The application group must be pre-defined on the Application Group page. The application must be defined within the access rule by specifying an IP address or network with one or more port numbers separated by commas
  1. Allow or deny access to an application or application group from an IP address or network and one or more port numbers. The application group must be pre-defined on the Application Group page. The application must be defined within the access rule by specifying an IP address or network with one or more port numbers separated by commas.
Features
  1. When an allow rule is defined, the ISA controller will initiate a process to ensure proper route configuration. It involves two distinct steps:
    1. The controller will send the relevant route details to the ISA User Agent. These details are used to configure routes on the end-user device.
    2. Simultaneously, the controller will send route information, including port numbers, to the Gateway Agent for configuring routes on the designated gateway.
  2. Access rules are enforced based on the specificity of the rule. A more specific rule takes precedence over a less specific rule. 
                    Examples

                  A rule that applies to an IP address has priority over a rule that applies to a network, all other parameters being equal. 

                  A deny rule to an IP address takes precedence over an allow rule to a network, all other parameters being equal.

  1. Access rules are only applicable to remote users connecting using the ISA User Agent. Rules defined on the Access Rule page do not govern logging into the ISA web portal.

This user guide describes the various configuration options to manage access rules on the ISA web portal. 

Add Access Rules

  1. Login to the ISA web console using administrator credentials.

  1. Navigate to the Access Rules page under the ACCESS POLICIES menu.

  1. Click the Add button at the top.

  1. On the Add access rule window, under Name, enter a name for the access rule. Characters A-Z, a-z, 0-9 are allowed in this field.  The maximum number of characters allowed is 50. 

  1. Click the Source Type drop-down.

  1. Select User, User Group, or Application. In this example, we select User Group.

  1. Click the Source field.

  1. From the drop-down list, select the user group. Multiple user groups can be added to this field.

  1. Click the Destination Type drop-down. 

  1. Select Application or Application Group

  1. Select the application groups. Multiple application groups can be added to the field.

  1. Click Action

  1. Select either Allow or Deny.

  1. Click Save and Add new.

  1. The new access rule is listed on the page. 

Edit Access Rule

  1. On the Access Rule page, click the name of the access rule you want to edit.
  1. In the ACL details window, click the Edit button.
  1. In the Update access rule window, you can edit the Destination, Destination Type, Source, and Source Type fields. You can add or delete the user, user group, application, or application group by clicking the “x” icon. 
  1. Click Update to save the change.

Add Access Rules in Bulk

This option allows the administrator to add a large number of access rules at once. 

Supported fields in the file are:

  • Name – A name for the access rule.

  • Source Type – Either user or user group.

  • Source – Enter the name of the users or user groups separated by commas. 

  • Destination Type – Either application or application group.

  • Destination – If Destination Type is set to Application Group, enter the name of the application groups separated by commas.. If Destination Type is set to Application, leave the field blank. 

  • IP Address – If Destination Type is set to Application, enter the IP addresses of remote resources separated by commas. If Destination Type is set to Application Group, leave the field blank. 

  • Services - If Destination Type is set to Application, enter the port numbers of remote resources separated by commas. If Destination Type is set to Application Group, leave the field blank. 


  1. On the Access Rules page, click the Add button.
  1. Under Bulk upload Access Rule, click Download Sample CSV.
  1. Open the file using a spreadsheet application.
  1. The sample CSV file is filled with sample values. Enter your information as per the samples provided.
  1. Enter the information in their respective fields and save it.
  1. Under Upload the file …., click Choose File and select the file from the saved location.
  1. Click Upload.
  1. In the Uploaded Access Rules window, review the information and click Save ACLs.
  1. The newly created access rules are listed on the page.

Download Access Rules List 

ISA web portal administrators can download the complete list of access rules by clicking on the CSV button on the Access Rules page. An email with the link to download the file in CSV format is sent to the logged-in administrator’s email address. The file has the following information:

  • Name – Names of the access rule.

  • Source Type – Either user or user group.

  • Source –Name of the users or user groups. 

  • Destination Type – Either application or application group.

  • Destination If Destination Type is Application Group, the names of the application groups. If Destination Type is set to Application, the IP addresses and service names of the applications separated by hyphens.


  1. On the Access Rules page, click the CSV button at the top. 
  1. A message that an email is scheduled to be sent to the administrator’s email address is displayed. 
  1. Click the download link within the email.
  1. View the file in a spreadsheet application.

Delete Access Rules
  1. On the Access Rules page, enable the check box alongside the access rules you want to delete. 

  1. Click the Delete button at the top.

  1. On the pop-up window, click Yes, Delete it!.

  1. On the bottom left of the page, the message ACLs have been scheduled to be deleted is displayed. 


Navigating the Access Rule List

The Access Rules page allows easy pagination for viewing a large number of access rules. You can view the access rules by using the navigation control bar at the top right of the page. 

Click the drop-down box to select the number of rules to be displayed on the Access Rules page. By default, it is set to display 10 rules. You can change it to display either 30 or 50 rules. 



Click the Next button to view the next page of rules. Click the Prev button to view the previous page. 

You can search access rules by name by entering it in the search box. 



    • Related Articles

    • Access Rules

      Access control rules are used to allow access to specific Applications or Application Groups from particular Users or User Groups. These are identity based rules that permit access on the basis of the Role of the users in the organization as opposed ...
    • Configuring Site-to-Site Connectivity with InstaSafe Secure Access (ISA)

      Introduction InstaSafe Secure Access (ISA) provides site-to-site connectivity with advanced security features and simplified configuration. This article outlines the essential steps and features for configuring ISA site-to-site connectivity. When is ...
    • Configuring Local Groups

      This user guide describes the various configuration options to manage user groups on the ISA web portal. The User Groups page on the ISA web portal allows administrators to create user groups and add users to them. User groups can be created locally ...
    • Contextual Access Management

      Contextual access in the context of enterprise remote access refers to the concept of granting or restricting access to resources based on various contextual factors. Instead of relying solely on traditional methods like username and password, ...
    • Configuring Two-Factor Authentication

      Two-Factor Authentication (TFA) adds one more layer of security to the ISA User Agent connection process, in addition to the username-password and certificate method of authentication. When TFA is enabled for a user or user group, the User Agent is ...