Defines rules that control the local inbound and outbound connections of Client devices. You may wish to review the Before you start.
There are a number of points you should consider when setting rules:
When enabled, the last two Actions that the Client will always apply after the Actions from any rules are: "allow out" + "block in". Because these are at the end, these will have the lowest priority. If you want the Clients to allow inbound connections then you should include an "allow in" Action somewhere in your rules.
Ringfence rules can be used with the Default route; and the Excluded Subnets will be honored and not blocked.
A change in device location forces a re-evaluation of Policy and renewal of Entitlement tokens - so an alternative Policy could be specified with different Ringfence rules, such as if the user connected to a shared WiFi hotspot in the airport.
Any number of Ringfence rules can be created and any number of Actions can be specified within each Rule.
When you're ready to Configure Ringfence rules, complete the fields in the form.
Add/Edit Ringfence Rule
Configuration
Actions
Protected Hosts
Specify IP addresses or IP ranges.
Rule
Select ALLOW traffic or BLOCK traffic.
Protocol
Select the protocol and direction. Actions for TCP, UDP, ICMP in IPv4 and IPv6 can be set to ALLOW or BLOCK traffic in or out of the user's device. Actions will be taken from all the Policies that apply and will then be ordered based on the type of Action and the Network Resources specified:
The narrowest IP range defined always wins; so ALLOW 1.2.3.4/32 wins over BLOCK 1.2.3.0/24
For two IP ranges that are the same, BLOCK always wins over ALLOW; so BLOCK 1.2.3.4/32 wins over ALLOW 1.2.3.4/32
Ports
Specify the Ports or Port ranges