Defining User IP Access
On a per user account basis, you can specify an IP address or Fully Qualified Domain Name (FQDN) that will determine if the connecting user can access the MFT Server.
To configure this optional feature, navigate to Domain > ACCOUNTS > Users > Users
and Add
or Edit
a user. The IP Access
tab is where you configure this option. The image below depicts adding an IP Access Rule for an existing user.
To add an IP Access Rule, click on the IP Access tab, then click on the Add
button. The Add IP Access Rule
dialog will appear, as depicted in the image above.
IP mask - The IP address or IP address mask to allow or deny access. Both wildcard (e.g. 192.168.1.*) and CIDR (e.g. 192.168.1.0/24) notations are supported. In addition, you can also use a FQDN in the mask field (e.g. my.domain.com, *.domain.com, or my.domain.*).
Reason - Reason access is allowed or denied.
Access allowed - Select to have access allowed.
Access denied - Select to have access denied.
Access rules are processed in the order listed. For each connection, the first matching access rule will be used. Therefore, it is important that the access rules are ordered correctly to prevent a user from being mistakenly denied or granted access. You may use the Up
and Down
buttons to order the access rules to suit your needs. If you are adding a deny rule - whether it is in CIDR notation, wildcard mask, FQDN or an individual IP, please make sure to place (bring up) the rule to the top.
IP mask examples
Examples of valid IP masks are as follows:
192.168.1.1 - Allows/Blocks a single IP address
192.168.1.* - Allows/Blocks all IP addresses in a class C IP block.
192.168.*.* - Allows/Blocks all IP addresses in a class B IP block.
10.0.0.0/27 - Allows/Blocks all IP addresses from 10.0.0.1 to 10.0.0.30
192.168.0.0/17 - Allows/Blocks all IP addresses from 192.168.0.1 to 192.168.127.254
*.*.*.* - Allows/Blocks all IP addresses.
*.domain.com - Allows/Blocks all host addresses associated with the specified domain name.
Host.domain.com - Allows/Blocks the host address on the specified domain.