Skip to content


Policies control access to Assets, Virtual Assets and Subnets. A Policy is defined by its Sources, Conditions and Destinations. Policies can be disabled and are then not evaluated.


On the source side you can choose:

  • One or more User Groups to permit access to all Users in the chosen groups.
  • One or more Assets to control machine to machine access.
  • Virtual Assets or Subnets cannot be selected as Sources


Conditions further restrict access. Thus, even a Client belonging to a User Group mentioned in the Sources may be denied access if all the Conditions are not met.

You can configure the following Conditions:

  • operating system and permissible minimal and/or maximal operating system versions
  • geographical location at the time of access (Allowed Origins)
  • time of access as a recurring time or a specific date


A Destination is either an Asset, Virtual Asset or Subnet combined with a service defined on the corresponding object. In order to choose a service as here, please remember to define it on the Asset, Virtual Asset or Subnet first.

Pre-authentication Access

Pre-authentication Access establishes tunnel connections prior to authentication. The policy matches all clients where the last logged on user belongs to one of the Groups in Sources. The tunnel is established before the user logs on to the operating system.