Defining User IP Access

 

On a per user account basis, you can specify an IP address or Fully Qualified Domain Name (FQDN) that will determine if the connecting user can access the MFT Server.

 

To configure this optional feature, navigate to Domain > ACCOUNTS > Users > Users and Add or Edit a user.  The IP Access tab is where you configure this option. The image below depicts adding an IP Access Rule for an existing user.

 

 

To add an IP Access Rule, click on the IP Access tab, then click on the Add button. The Add IP Access Rule dialog will appear, as depicted in the image above.

 

IP mask - The IP address or IP address mask to allow or deny access. Both wildcard (e.g. 192.168.1.*) and CIDR (e.g. 192.168.1.0/24) notations are supported. In addition, you can also use a FQDN in the mask field (e.g. my.domain.com, *.domain.com, or my.domain.*).

 

Reason - Reason access is allowed or denied.

 

Access allowed - Select to have access allowed.

 

Access denied - Select to have access denied.

 

Access rules are processed in the order listed. For each connection, the first matching access rule will be used. Therefore, it is important that the access rules are ordered correctly to prevent a user from being mistakenly denied or granted access. You may use the Up and Down buttons to order the access rules to suit your needs. If you are adding a deny rule - whether it is in CIDR notation, wildcard mask, FQDN or an individual IP, please make sure to place (bring up) the rule to the top.

 

IP mask examples

 

Examples of valid IP masks are as follows:

 

192.168.1.1 - Allows/Blocks a single IP address

192.168.1.* - Allows/Blocks all IP addresses in a class C IP block.

192.168.*.* - Allows/Blocks all IP addresses in a class B IP block.

10.0.0.0/27 - Allows/Blocks all IP addresses from 10.0.0.1 to 10.0.0.30

192.168.0.0/17 - Allows/Blocks all IP addresses from 192.168.0.1 to 192.168.127.254

*.*.*.* - Allows/Blocks all IP addresses.

*.domain.com - Allows/Blocks all host addresses associated with the specified domain name.

Host.domain.com - Allows/Blocks the host address on the specified domain.