Skip to content


Policies control access to Assets, Virtual Assets and Subnets. A Policy is defined by its Sources, Conditions and Destinations. Policies can be disabled and are then not evaluated.


On the source side you can choose:

  • One or more User Groups to permit access to all Users in the chosen groups.
  • One or more Assets to control machine to machine access.
  • Virtual Assets or Subnets cannot be selected as Sources


Conditions further restrict access. Thus, even a Client belonging to a User Group mentioned in the Sources may be denied access if all the Conditions* are not met.

You can configure the following Conditions:

  • operating system and permissible minimal and/or maximal operating system versions
  • geographical location at the time of access (Allowed Origins)


A Destination is either an Asset, Virtual Asset or Subnet combined with a service defined on the corresponding object. In order to choose a service as here, please remember to define it on the Asset, Virtual Asset or Subnet first.