So I'm new to Pulse, and I'm trying to configure and test basic access management scenarios.
For instance, I want to restrict SSH access to a certain resource.
I allowed Telnet/SSH on the role level, but I specified a Resource Policy that denies access to the resource.
But when I test this, I can still access the resource!! Even when I disable Telnet/SSH on the entire role, SSH works fine!! Should I reboot my PCS appliance for changes to take effect? I logged off and signed on after making changes with the proper user that is mapped to this role without any change...
If I'm not connected to this tunnel, there's no way to access resources! So there's no chance PCS is denying my SSH traffic but another VPN is transmitting it!
Am I missing something??
I did not understand what you want to do.
There are two types of access you can control in PCS. One is the services provided for the web browser and the other is for the VPN client itself.
When you allow a service at the role level, it is for the browser, except "VPN Tunneling", which allows a user in that role to use the VPN client.
So, if at the role level you enable the feature "Telnet/SSH", you are allowing a user to use the built-in SSH/Telnet web client in the browser, and it is controlled by "Telnet/SSH Policies".
If you need a user to access some machine via SSH through the VPN client, then you should activate the feature "VPN Tunneling" and create a "VPN Tunneling Access Control".
And these policies are distinct from each other. I.e., if you configure something in "Telnet/SSH Policies", it will not be translated to the VPN client access.
If I recall correctly, in a new installation of PCS, all policies are in allow mode; double-check whether they are active or not.