Configure a Service Access Object
A Service Access object defines the conditions that traffic must meet to access a service, such as remote access VPN on the threat defense device. The object expresses these conditions as multiple rules that are evaluated in order. Each service access rule has an Allow or Deny action and a set of match criteria such as country, continent, or user-defined geolocation objects. These rules manage access based on geolocation and ensure that only traffic from approved regions can access the specified services. If the traffic does not match any rule, the default action is enforced.
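The following Python model is an added illustration, not code from the product, of why rule order matters in such an object: it evaluates a source country against ordered Allow/Deny rules and flags rules that earlier rules make unreachable. It assumes the first matching rule decides the action; the `Rule` class, the `evaluate` and `shadowed` functions, and the country-to-continent map are hypothetical names and constructed data.

```python
from dataclasses import dataclass

# Constructed country-to-continent map (assumption); the product uses its own
# geolocation database.
CONTINENT = {"US": "NA", "CA": "NA", "DE": "EU", "FR": "EU", "JP": "AS"}

@dataclass(frozen=True)
class Rule:
    action: str                        # "allow" or "deny"
    countries: frozenset = frozenset()
    continents: frozenset = frozenset()

    def covered(self):
        """Every country code this rule matches."""
        by_continent = {c for c, k in CONTINENT.items() if k in self.continents}
        return self.countries | by_continent

def evaluate(rules, default_action, country):
    """Return (action, rule_index); rule_index is None when the default applied.

    Assumes first-match semantics: the first rule that matches decides.
    """
    for i, rule in enumerate(rules):
        if country in rule.covered():
            return rule.action, i
    return default_action, None

def shadowed(rules):
    """Indexes of rules that can never match because earlier rules cover them."""
    seen, dead = set(), []
    for i, rule in enumerate(rules):
        cov = rule.covered()
        if cov and cov <= seen:
            dead.append(i)
        seen |= cov
    return dead

# Constructed policy. Intent: allow Germany, deny the rest of Europe.
misordered = [Rule("deny", continents=frozenset({"EU"})),
              Rule("allow", countries=frozenset({"DE"}))]
fixed = list(reversed(misordered))

if __name__ == "__main__":
    for name, rules in (("misordered", misordered), ("fixed", fixed)):
        print(name, evaluate(rules, "deny", "DE"), "shadowed:", shadowed(rules))
```

With the continent-wide Deny placed first, the Germany Allow rule is never reached; placing the narrower rule first gives the intended result.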
Before you begin
- Configure geolocation objects. For more information, see Geolocation.
- Configure a remote access VPN policy. For more information, see Create a New Remote Access VPN Policy.
Procedure
Step 1. Choose Objects > Object Management.
Step 2. In the left pane, click Access List > Service Access.
Step 3. Click Add Service Access Object to create a new object.
Step 4. In the Add Service Access Object dialog box, configure the following parameters:
Step 5. From the Default Action drop-down list, choose Allow All Countries or Deny All Countries.
Step 6. (Optional) Check the Allow Overrides check box and click + to configure overrides for the service access object for devices.
Step 7. (Optional) In the Add Service Access Override dialog box, configure the following parameters:
Step 8. Click Save.
What to do next
Configure the Service Access object in the remote access VPN policy. For more information, see Configure Access Interfaces for Remote Access VPN.