Hi, I did not understand what you what to make. There is two types of access you can control in PCS. One is the services provided for the web browser and the other to the VPN client it self. When you allow a service at the role level, it is for the browser, except "VPN Tunneling" which allow for a user in that role to use the VPN client. So, if at a role level, you enable feature "Telnet/SSH", you are allowing a user to use the builtin ssh/telnet web client in the browser and are controlled by a "Telnet/SSH Policies" If you need a user, access via SSH to some machine via VPN Client, the you should activate the feature "VPN Tunneling" and create a " VPN Tunneling Access Control" And these policies are distinct from each other. Ie, if you configure something in "Telnet/SSH Policies" they will not be translated for the VPN client accesses. If I recall correctly, in a new installation of PCS, all policies are in allow mode, double check if they are active or not.
... View more