Using Filtering Rules
Filtering is a feature that allows you to control who can access a particular published resource. You can define filtering rules based on any of the following:
- User
- Client (managed client)
- IP address
- MAC address
- Gateway
By default, no filtering rules exist for a published resource, therefore the resource is available to anyone who is connected to a Parallels RAS farm. Once you specify a filtering rule for a published resource, only those users/computers who satisfy the criteria will be able to use it.
To create a filtering rule, select a published resource in the Published Resources tree and click the Filtering tab. In the Select Filtering Type drop-down list, select a criteria and then define a filtering rule as described below.
Filtering by User
To allow individual users or a user group to access the published resource:
- Select User in the Search Filtering Type drop down list.
- Select the Allow the following Users option.
- Click Tasks > Add and specify a user or a group in the Select Users dialog. Click OK to add a user/group to the list on the Filtering tab page.
- In the Default Object Type drop-down list, select whether this rule will applies to users, groups, or both.
- In the Browse Mode drop-down list, select the browsing mode you would like to use to connect to Active Directory or Windows.
The options are:
- WinNT. WinNT is faster than LDAP but does not support group nesting. Used only for backward compatibility.
- LDAP. LDAP supports group nesting but is slow. Used only for backward compatibility.
- Secure Identifier. This is the preferred and fastest method. It supports group nesting and renaming.
To convert users or groups specified using WinNT or LDAP, select a user entry and then click Tasks > Convert.
Filtering by Client
To allow a specific client or a list or clients to access the published resource, follow these steps:
- Select Client in the Search Filtering Type drop-down list.
- Select the Allow the following Clients option. You can use the asterisk character (*) as a wildcard in a name. To include a wildcard in a name, select a client in the list and then click Tasks > Edit.
- Click Tasks and choose one of the following:
- Add from network browse. Opens a dialog where you can select a client from the list populated from the network.
- Add from Active Directory. Opens a dialog where you can specify a computer or search the Active Directory for it.
- Add from known devices. Opens a dialog where you can select a client from the list populated by previously connected clients.
- Edit. Allows you to modify the name of a selected client. If you want to include a wildcard (*) in a name, you can do it using this option. If no client is selected in the list, the option is disabled.
- Delete. Allows you to delete a selected client. If no client is selected in the list, the option is disabled.
- Click OK to add your selection to the Client list.
Filtering by IP Address
To allow a specific IP address (or multiple addresses) or a range of IP addresses to access the published resource, follow these steps:
- In the Search Filtering Type drop-down list, select IP Address.
- Select the Allow the following IPs option.
- Click Tasks > Add in the IPv4 and/or IPv6 sections to specify the IP address or a range of IP addresses and click OK.
Filtering by MAC Address
To allow a MAC address or a specific list of MAC addresses to access the published resource, follow these steps:
- In the Select Filtering Type drop-down list, select MAC.
- Select the Allow the following MACs option.
- Click Tasks > Add to select the MAC address(es) and click OK.
Filtering by Gateway
To allow users to connect to a published resource through a specific gateway, follow these steps:
- Select the Gateway filtering type.
- Select the Allow connections from the following gateway option.
- Click Tasks > Add to specify the gateway and its IP address (if it has multiple IP addresses).
Configuring multiple filtering rules
If multiple filtering rules are configured for a specific published resource, the connecting user has to match ALL of them to be allowed access to the published resource.
|