Page 1 of 1

User Policies in SA540

Posted: Fri May 07, 2010 9:50 am
by Guest

Under the "User Policy By Source IP Address" is there anyway to define an IP address range?

 

Example:  Some of my remote users don have static IPs from their ISP however their Dynamic IPs tend to stay pretty constant, so as an added level of security in my current setup I am able to restrict their access to the range of IPs they may receive from their ISP by using a range of lets say 225.80.1.1 to 225.80.255.255.  Is their anyway to accomplish this in the SA540?  I see the option to define a source IP address under the User Policy option but it only lets me put one address in there, not a range like I would like to.


Re:User Policies in SA540

Posted: Fri May 07, 2010 10:42 am
by Guest

If you change the option to network, it will allow you to put in a subnet.


Re:User Policies in SA540

Posted: Fri May 07, 2010 11:51 am
by Guest

Any chance you could go into more detail.

 

When I change the option to IP Network it still only has room for a single IP address but it also allows me to change the Mask Length.  Sadly Im not sure what Mask Length means.

 

Lets say I want to limit access to only IP addresses in the range of 5.5.1.1 to 5.5.255.255.  What would I put in the Network Address/IP Address field and what value would the Mask Length be?


Re:User Policies in SA540

Posted: Fri May 07, 2010 12:02 pm
by Guest

In that case, it would be 16.

 

Each octet is 8 bits.  It would be a 16 bit mask since you want to cover 2 octets.

 

255.0.0.0 = 8

255.255.0.0 = 16

255.255.255.0 = 24


Re:User Policies in SA540

Posted: Fri May 07, 2010 12:52 pm
by Guest

So using my last example.

 

In the IP network field I would put 5.5.1.1  and in the mask I would put 16?  or would it be 5.5.0.0 and 16 for the mask?