Deny access based on a set of conditions with an OR clause

A common policy scenario is to use multiple conditions in a single rule and to join those conditions with And or Or. In this scenario, the conditions are joined with Or, so access is denied if either of the conditions is true; both conditions do not have to be true at the same time.

Use the steps in this scenario task to create a policy that denies access if either of the following conditions is true:

  - The riskScore attribute is greater than 40.
  - The ipReputation attribute has the member Malware.

Steps

  1. Log in to the local management interface.

  2. Click AAC.

  3. Under Policy, click Access Control.

  4. In the center panel, click Add policy.

  5. Enter a name for the policy.

  6. In the Rules section, set the Precedence property to Deny. As a result, access is denied if any rule in the policy returns Deny, even when another rule returns Permit.

  7. Click Add Rule.

  8. Click If Any are true. The rule evaluates to true if any one of the conditions in the rule is true; this is the Or join between the conditions.

  9. Select riskScore from the attribute list.

  10. Select > as the operator.

  11. Type 40 as the value.

  12. Click Add condition to add another condition to the rule.

  13. Select ipReputation from the attribute list.

  14. Select has member as the operator.

  15. Type Malware as the value.

  16. In the Decision list, select Deny.

  17. Click OK to complete the rule.

  18. Click the arrow next to Add Rule.

  19. Click Unconditional rule.

  20. In the Decision list, select Permit. The unconditional Permit rule causes the policy to permit access when none of the Deny rules evaluates to true. Because the policy precedence is Deny, this Permit rule never overrides a Deny.

  21. Click OK.

This scenario uses the following settings in the policy editor.
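The following Python model shows the decision logic that the steps above configure: one rule whose conditions are joined with Or (riskScore > 40, ipReputation has member Malware) that returns Deny, an unconditional Permit rule, and a policy precedence of Deny that lets a Deny from any rule win. This is an added illustration written for this page; it is not IBM's policy engine, and the attribute names, the treatment of a missing attribute as "condition not true", and the rule-ordering check at the end are assumptions made for the example.

```python
"""Simplified model of the AAC deny-with-Or policy built in the steps above.

Illustrative code, not the product's policy engine. Assumptions: a missing or
non-numeric attribute makes a condition false; attributes are passed as a dict.
"""


def _greater_than(attr_value, threshold):
    # riskScore may arrive as a string from an upstream risk engine; coerce it.
    try:
        return attr_value is not None and float(attr_value) > threshold
    except (TypeError, ValueError):
        return False


def _has_member(attr_value, member):
    # ipReputation is multi-valued; "has member" checks membership in that set.
    return attr_value is not None and member in attr_value


OPERATORS = {">": _greater_than, "has member": _has_member}


def condition_is_true(condition, attrs):
    attr_name, op, value = condition
    return OPERATORS[op](attrs.get(attr_name), value)


def rule_decision(rule, attrs):
    """Return the rule's decision if the rule fires, otherwise None."""
    conditions = rule.get("conditions", [])
    if not conditions:                       # unconditional rule always fires
        return rule["decision"]
    if rule["match"] == "any":               # "If Any are true" == Or join
        fired = any(condition_is_true(c, attrs) for c in conditions)
    else:                                    # "If All are true" == And join
        fired = all(condition_is_true(c, attrs) for c in conditions)
    return rule["decision"] if fired else None


def evaluate(policy, attrs):
    """Combine rule decisions under the policy's precedence setting."""
    decisions = [d for d in (rule_decision(r, attrs) for r in policy["rules"]) if d]
    if not decisions:
        return "Deny"                        # assumption: no applicable rule -> deny
    if policy["precedence"] == "Deny":
        return "Deny" if "Deny" in decisions else "Permit"
    return decisions[0]                      # hypothetical first-applicable mode


# The policy from the steps: Deny precedence, Or-joined Deny rule, unconditional Permit.
DENY_OR_POLICY = {
    "precedence": "Deny",
    "rules": [
        {
            "match": "any",
            "conditions": [("riskScore", ">", 40),
                           ("ipReputation", "has member", "Malware")],
            "decision": "Deny",
        },
        {"conditions": [], "decision": "Permit"},
    ],
}

# Same rules in reverse order: with Deny precedence the result must not change.
REORDERED_POLICY = {"precedence": "Deny",
                    "rules": list(reversed(DENY_OR_POLICY["rules"]))}

# Constructed sample requests (not real risk-engine or reputation data).
SAMPLE_REQUESTS = {
    "high_risk_clean_ip": {"riskScore": 55, "ipReputation": []},
    "low_risk_malware_ip": {"riskScore": 10, "ipReputation": ["Malware", "Spam"]},
    "low_risk_spam_ip": {"riskScore": 10, "ipReputation": ["Spam"]},
    "string_score": {"riskScore": "41", "ipReputation": ["Spam"]},
    "no_attributes": {},
}


def decisions_for_samples(policy=DENY_OR_POLICY):
    return {name: evaluate(policy, attrs) for name, attrs in SAMPLE_REQUESTS.items()}


if __name__ == "__main__":
    for name, decision in decisions_for_samples().items():
        print(f"{name:22} -> {decision}")
```

Either condition on its own is enough to produce Deny; only a request that fails both conditions reaches the unconditional Permit. Because precedence is Deny, the order in which the two rules were added does not affect the outcome, which is why the unconditional Permit rule is safe to add last.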

Parent topic: Policy scenarios