Hope this helps bro.
Unified is way to go.
Mobile Access can get its policy from the Unified Access Policy or from a legacy Mobile Access Policy.
- - Configured as part of the Unified Access Control Policy in SmartConsole.
- - Configured in SmartDashboard > Mobile Access tab > Policy, as in pre-R80.10 releases.
You can also enable which Mobile Access clients can connect to the gateway. These options are also configured in the Mobile Access wizard that runs when you enable Mobile Access on a gateway.
What background information do I need to know?
Mobile Access and the Unified Policy
When you include Mobile Access in the Unified Policy, you configure all rules related to the Mobile Access portal, Capsule Workspace, and on-demand clients in the Access Control Policy.
In the Access Control Rule Base, you can configure rules that:
- Apply to all Mobile Access gateways, or some of them.
- Apply to one or more Mobile Access clients, such as the Mobile Access portal or Capsule Workspace.
Mobile Access features such as Protection Levels, Secure Workspace, and Endpoint Compliance also apply.
Note that when you use the , some Mobile Access features and settings are still configured in the SmartDashboard > tab.
- You can include Mobile Access rules in Policy Layers and Inline Layers. You must enable Mobile Access on each Layer that contains rule with Mobile Access applications.
- To make a Mobile Access application show in the Mobile Access portal or in Capsule Workspace, you must put the application in the column.
- If you put in the column, the application does not show in the portal but it is allowed. You can open it from the Mobile Access portal if you manually enter the URL, but not from Capsule Workspace. You can change this behavior. See sk112576 for details.
- If you put an application's service, such as HTTPS, in the column, it does not match Mobile Access https applications.
- In the column, you must use Mobile Access Application objects in rules to match Mobile Access traffic. You can define these applications in:
- In SmartConsole: >
- In SmartDashboard > tab > define an application.
Application objects defined for Application Control, for example, are not supported in Mobile Access rules.
- When you enable Mobile Access on a gateway, the gateway is automatically added to the VPN Community. Include that Community in the column of the rule or use to make the rule apply to Mobile Access gateways. If the gateway was removed from the VPN Community, the column must contain .
- Use Access Roles as the or for a rule to make the rule apply to specified users or networks. You can also use an Access Role to represent Mobile Access or other remote access clients.
You must enable Identity Awareness on each gateway that is an installation target for rules with Access Roles.
