About Configuring Sources in Private Access Rules

Let the following information guide you when you add sources to a private access rule.

Source components

  • If you see an option to "Select All", it selects all items that exist in the group at the time you select it. The rule will not include items added to the group in the future.
  • When you select Network Tunnel Groups, Secure Access secures and controls access for traffic from IPsec tunnels established by your supported network devices. To see which tunnels are included in a group, navigate to Connect > Network Connections > Network Tunnel Groups and look at the group configuration.

Sources created directly in a private access rule

If you want to specify a port or protocol, specify it in the destination of the rule.

If you will allow access from a branch network, and you specify users or user groups, you must also configure SAML authentication for those users.

If there are multiple sources in a rule (Boolean logic)

If a rule includes multiple sources, the following Boolean logic applies:

All types of sources, and all sources within a type, are combined with the Boolean OR operator: traffic from any source you specify in a rule matches the rule.

For example, if you specify a user group and then type in a CIDR block, traffic that either belongs to the user group or originates from an IP address within the CIDR block will match the rule.
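
The OR matching described above and the "Select All" snapshot behavior, modeled in Python as an added example. This is not Secure Access code and calls no product API. The class, function names, group names, and addresses are constructed for illustration.

```python
# Added illustration of the documented source semantics (hypothetical model).
import ipaddress
from dataclasses import dataclass, field


@dataclass
class RuleSources:
    """Sources of one private access rule, as a local model."""
    user_groups: set = field(default_factory=set)
    cidrs: list = field(default_factory=list)
    # Items captured when "Select All" was used; never refreshed afterwards.
    select_all_snapshot: set = field(default_factory=set)


def matches(rule, user_groups=(), src_ip=None):
    """OR across source types and within a type: one hit is enough."""
    if rule.user_groups & set(user_groups):
        return True
    if src_ip is not None:
        ip = ipaddress.ip_address(src_ip)
        return any(ip in ipaddress.ip_network(c) for c in rule.cidrs)
    return False


def select_all_drift(rule, current_items):
    """Items that exist now but were added after "Select All" was used,
    so the rule does not cover them."""
    return sorted(set(current_items) - rule.select_all_snapshot)


# Constructed sample data.
RULE = RuleSources(
    user_groups={"engineering"},
    cidrs=["10.20.0.0/16"],
    select_all_snapshot={"branch-east", "branch-west"},
)
CURRENT_ITEMS = ["branch-east", "branch-west", "branch-north"]

if __name__ == "__main__":
    # Member of the user group, outside the CIDR block: matches.
    print(matches(RULE, ["engineering"], "192.0.2.10"))
    # Not in the user group, inside the CIDR block: still matches (OR, not AND).
    print(matches(RULE, ["contractors"], "10.20.5.9"))
    # Neither source applies: no match.
    print(matches(RULE, ["contractors"], "192.0.2.10"))
    # Items the rule misses until they are selected explicitly.
    print(select_all_drift(RULE, CURRENT_ITEMS))
```

Adding a CIDR block to a rule that already names a user group widens the set of matching traffic rather than narrowing it, which the second case shows.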

