Mobile Access can get its policy from the Unified Access Policy or from a legacy Mobile Access Policy.

  • Unified Access Policy - Configured as part of the Unified Access Control Policy in SmartConsole.
  • Legacy Mobile Access Policy - Configured in SmartDashboard > Mobile Access tab > Policy, as in pre-R80.10 releases.

You can also select which Mobile Access clients can connect to the gateway. These options are also configured in the Mobile Access wizard that runs when you enable Mobile Access on a gateway.

What background information do I need to know?

Mobile Access and the Unified Policy

When you include Mobile Access in the Unified Policy, you configure all rules related to the Mobile Access portal, Capsule Workspace, and on-demand clients in the Access Control Policy.

In the Access Control Rule Base, you can configure rules that:

  • Apply to all Mobile Access gateways, or some of them.
  • Apply to one or more Mobile Access clients, such as the Mobile Access portal or Capsule Workspace.

Mobile Access features such as Protection Levels, Secure Workspace, and Endpoint Compliance also apply.

Note that when you use the Unified Access Policy, some Mobile Access features and settings are still configured in the SmartDashboard > Mobile Access tab.

  • You can include Mobile Access rules in Policy Layers and Inline Layers. You must enable Mobile Access on each Layer that contains a rule with Mobile Access applications.
  • To make a Mobile Access application show in the Mobile Access portal or in Capsule Workspace, you must put the application in the Services & Applications column.
    • If you put Any in the Services & Applications column, the application does not show in the portal but it is allowed. You can open it from the Mobile Access portal if you manually enter the URL, but not from Capsule Workspace. You can change this behavior. See sk112576 for details.
    • If you put an application's service, such as HTTPS, in the Services & Applications column, it does not match Mobile Access HTTPS applications.
  • In the Services & Applications column, you must use Mobile Access Application objects in rules to match Mobile Access traffic. You can define these applications in:
    • SmartConsole: CustomApplications/Sites > Mobile Applications
    • SmartDashboard > Mobile Access tab > define an application.

    Application objects defined for Application Control, for example, are not supported in Mobile Access rules.

  • When you enable Mobile Access on a gateway, the gateway is automatically added to the RemoteAccess VPN Community. Include that Community in the VPN column of the rule or use Any to make the rule apply to Mobile Access gateways. If the gateway was removed from the VPN Community, the VPN column must contain Any.
  • Use Access Roles as the Source or Destination for a rule to make the rule apply to specified users or networks. You can also use an Access Role to represent Mobile Access or other remote access clients.

    You must enable Identity Awareness on each gateway that is an installation target for rules with Access Roles.
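
The constraints in this list can be checked mechanically before a policy is installed. The following is an added example, not Check Point code: it lints a hand-built model of rules, and the dictionary layout, the `for_mobile_access` flag, and the object and gateway names are assumptions for illustration, not the Management API export format.

```python
# Constructed model for illustration: the field names are assumptions, not the
# Check Point Management API export format.
def lint_mobile_access(layers, gateways, mab_apps):
    """Return (layer, rule, finding) tuples for rules meant for Mobile Access.

    layers:   {layer: {"mobile_access": bool, "rules": [rule, ...]}}
    gateways: {gw: {"identity_awareness": bool, "in_remote_access": bool}}
    mab_apps: set of Mobile Access Application object names
    """
    out = []
    for lname, layer in layers.items():
        for r in layer["rules"]:
            if not r["for_mobile_access"]:
                continue
            apps, vpn = set(r["services_apps"]), set(r["vpn"])
            gws = [gateways[g] for g in r["targets"]]
            msgs = []
            if apps == {"Any"}:
                msgs.append("Any: allowed, but not shown in portal or Capsule Workspace")
            elif not apps & mab_apps:
                msgs.append("no Mobile Access Application object: rule will not match")
            elif not layer["mobile_access"]:
                msgs.append("Mobile Access is not enabled on this layer")
            if not vpn & {"Any", "RemoteAccess"}:
                msgs.append("VPN column needs the RemoteAccess community or Any")
            elif "Any" not in vpn and not all(g["in_remote_access"] for g in gws):
                msgs.append("a target left RemoteAccess: VPN column must be Any")
            if r["access_roles"] and not all(g["identity_awareness"] for g in gws):
                msgs.append("Access Role used, Identity Awareness off on a target")
            out += [(lname, r["name"], m) for m in msgs]
    return out

# Constructed sample policy (hypothetical object and gateway names).
GATEWAYS = {"gw-a": {"identity_awareness": True, "in_remote_access": True},
            "gw-b": {"identity_awareness": False, "in_remote_access": False}}
MAB_APPS = {"Intranet-Web"}
def rule(name, apps, vpn, roles, targets):
    return {"name": name, "for_mobile_access": True, "services_apps": apps,
            "vpn": vpn, "access_roles": roles, "targets": targets}
LAYERS = {
    "Network": {"mobile_access": True, "rules": [
        rule("portal-ok", ["Intranet-Web"], ["RemoteAccess"], ["Sales"], ["gw-a"]),
        rule("https-svc", ["HTTPS"], ["Any"], [], ["gw-a"])]},
    "Inline-Remote": {"mobile_access": False, "rules": [
        rule("role-gwb", ["Intranet-Web"], ["RemoteAccess"], ["Sales"], ["gw-b"])]},
}

if __name__ == "__main__":
    for finding in lint_mobile_access(LAYERS, GATEWAYS, MAB_APPS):
        print(*finding, sep=" | ")
```

In this sample, `portal-ok` passes, `https-svc` is flagged because a service object does not match Mobile Access applications, and `role-gwb` is flagged for the layer setting, the VPN column and Identity Awareness.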