Using filtering rules
Filtering is a feature that allows you to control who can access a particular published resource. You can define filtering rules based on any of the following:
- User
- Client device name
- Client device operating system
- IP address
- MAC address
- Gateway
By default, no filtering rules exist for a published resource, therefore the resource is available to anyone who is connected to the Parallels RAS Farm. Once you specify a filtering rule for a published resource, only those users/computers who satisfy the criteria will be able to use it.
To create a filtering rule, select a published resource in the Published Resources tree and click the Filtering tab. In the Select Filtering Type drop-down list, select criteria and then define a filtering rule as described below.
Filtering by user
To allow individual users or a user group to access the published resource:
- Select User in the Search Filtering Type drop down list.
- Select the Allow the following Users option.
- Click Tasks > Add and specify a user or a group in the Select Users dialog. Click OK to add a user/group to the list on the Filtering tab.
- In the Default Object Type drop-down list, select whether this rule will applies to users, groups, or both.
- In the Browse Mode drop-down list, select the browsing mode you would like to use to connect to Active Directory or Windows.
The options are:
- WinNT. WinNT is faster than LDAP but does not support group nesting. Used only for backward compatibility.
- LDAP. LDAP supports group nesting but is slow. Used only for backward compatibility.
- Secure Identifier. This is the preferred and fastest method. It supports group nesting and renaming.
To convert users or groups specified using WinNT or LDAP, select a user entry and then click Tasks > Convert.
Filtering by client device name
To allow a specific client device or a list or client devices to access the published resource, follow these steps:
- Select Client device name in the Search Filtering Type drop-down list.
- Select the Allow the following Clients option. You can use the asterisk character (*) as a wildcard in a name. To include a wildcard in a name, select a client in the list and then click Tasks > Edit.
- Click Tasks and choose one of the following:
- Add from network browse. Opens a dialog where you can select a client from the list populated from the network.
- Add from Active Directory. Opens a dialog where you can specify a computer or search the Active Directory for it.
- Add from known devices. Opens a dialog where you can select a client from the list populated by previously connected clients.
- Add custom entry. Allows you to type the name of a client. To modify the name, select it and then click Tasks > Edit.
- Edit. Allows you to modify the name of a selected client. If you want to include a wildcard (*) in a name, you can do it using this option. If no client is selected in the list, the option is disabled.
- Import from CSV. Allows you to select a CSV file containing the list of names of client devices. The file should contain a single device name on each row. The names must be unique (no duplicates) or you will see an error message.
- Export to CSV. Allows you to export the list of client device names to a CSV file.
- Delete. Allows you to delete a selected client. If no client is selected in the list, the option is disabled.
- Click OK to add your selection to the Client list.
Filtering by client device operating system
To allow client devices running a particular operating system to access the published resource, follow these steps:
- Select Client device operating system in the drop-down list.
- Select the Allow access to clients on the following operating system: option to enable the filtering rule.
- Select one or more operating systems.
- Click Apply at the bottom of the RAS Console window to save the changes.
When using the Checking effective access functionality, the filtering rule information will be displayed as "Client device operating system filtering is enabled".
Filtering by IP address
To allow a specific IP address (or multiple addresses) or a range of IP addresses to access the published resource, follow these steps:
- In the Search Filtering Type drop-down list, select IP Address.
- Select the Allow the following IPs option.
- Click Tasks > Add in the IPv4 and/or IPv6 sections to specify the IP address or a range of IP addresses and click OK.
Filtering by MAC address
To allow a MAC address or a specific list of MAC addresses to access the published resource, follow these steps:
- In the Select Filtering Type drop-down list, select MAC.
- Select the Allow the following MACs option.
- Click Tasks > Add and choose one of the following:
- Add. Select clients to add to the list OK.
- Import from CSV. Select a CSV file containing the list of names of client devices. The file should contain a single MAC address on each row. The addresses must be unique (no duplicates) or you will see an error message.
- Export to CSV. Allows you to export the list of MAC addresses to a CSV file.
Filtering by gateway
To allow users to connect to a published resource through a specific gateway, follow these steps:
- Select the Gateway filtering type.
- Select the Allow connections from the following gateway option.
- Click Tasks > Add to specify the gateway and its IP address (if it has multiple IP addresses).
Configuring multiple filtering rules
If multiple filtering rules are configured for a specific published resource, the connecting user has to match ALL of them to be allowed access to the published resource.
Please note that if you applied multiple filters, all of them will be visible in the Information tab of a published item.
|