Access can be allowed or denied depending on location. From an entire country to a city. There are in fact two Access Control - Location policies. Access Control - Location and Access Control Location(IPV6)
They both do the same thing, except one uses IPv4ocation addresses, the other IPv6Location addresses
Before you can create the policies you first need to download and import an IP geolocation database.
Control by geographic locations allows you to restrict access to applications by users from some specific countries or cities.
A pre-requisite to implementing access control by geo location is to have the geo-location data.
...
| Expand | ||
|---|---|---|
| ||
- |
How to import IP2Location-IPV4 Geo Location database into DualShield |
...
- How to import IP2Location-IPV6 Geo Location database into DualShield |
...
Once imported you can then follow the next steps to create the new policies..
| Section | ||
|---|---|---|
| ||
| Column | ||
| Column | ||
|
| Panel | ||
|---|---|---|
| ||
|
| border | true |
|---|
Access control by Geo Location is implemented by creating an "Access Control -
...
Click Search
...
| width | 60% |
|---|
| Panel | ||
|---|---|---|
| ||
|
...
| border | true |
|---|
...
A list of Access Control policies will appear underneath, If you have not yet created one then only the default system policy will display.
The default policy allows system-wide access to all applications at any time, by all users.
Do Not Delete or Edit the default system policy. Making any changes to this policy could result in you not being able to access the Administration Console even using the System Admin account.
It is best practice to create a separate policy.
Click the Create button on the top right.
Location" policy. The example below creates an access control system that denies access to all applications if a user is located in Russia or Noth Korea.
Please note that with this policy in place, if a user is not located in Russia or North Korea, then the user will be allowed access to all applications.
Please also note the following
- this policy applies to all users in the system, as the policyholder is "System"
- this policy applies to all applications, as there is no application specified
...
| width | 60% |
|---|
| Panel | ||
|---|---|---|
| ||
|
There are three parts to creating the Location policy. In this example, the first part will be setting up a domain-held policy, for email access.
...
| border | true |
|---|
...
| width | 60% |
|---|
| Panel | ||
|---|---|---|
| ||
|
The second part is for setting the geographical location where access to the Applications will be accessed or denied. In this, email can only be accessed by end-users based in Florida.
...
| border | true |
|---|
...
Click on the Drop Down Arrow next to Countries and Cities
Click on the Cogwheel corresponding with the access or denied countries or Cities
In the Select Area window select Country Name; State/Province; City using the corresponding drop-down arrows.
Click Add. You can add as many as you need.
Click Save
...
| width | 60% |
|---|
| Panel | ||
|---|---|---|
| ||
|
...
| border | true |
|---|
...
Finally set the action to take place if the location does not match.
...
| width | 60% |
|---|
| Panel | ||
|---|---|---|
| ||
|
...
| border | true |
|---|
| Column |
|---|
Example attempt to access emails via Outlook and OWA from within the UK. |
...
| width | 60% |
|---|
...
| bgColor | #FFFFFF |
|---|
...