Permitting access based on a set of conditions with an AND clause

A common policy scenario is to use multiple conditions in a single rule and to join those conditions with And or Or. In this scenario, access is permitted if both of the policy conditions that are joined by And are true.

Use the steps in this scenario task to create a policy that permits access if both of the following conditions are true:

• The calculated risk score is less than or equal to a value of 40.
• The reputation of the ipAddress in the request is not considered malware.

Steps

1. Log in to the local management interface.

2. Click AAC.

3. Under Policy, click Access Control.

4. In the center panel, click .

5. Enter a name for the policy.

6. In the Rules section, set the Precedence property to Permit. As a result, access is permitted if any rule returns permit.

7. Click Add Rule.

8. Click If all are true. The rule evaluates to true if all of the conditions in the rule are true.

9. Select riskScore from the attribute list.

10. Select <= as the operator.

11. Type 40 as the value.

12. Click to add another condition to the rule.

13. Select ipReputation from the attribute list.

14. Select has member as the operator.

15. Type Malware as the value.

16. Click to convert the condition to a Not condition.

17. In the Decision list, select Permit.

18. Click OK to complete the rule.

19. Click the arrow next to Add Rule.

20. Click Unconditional rule.

21. In the Decision list, select Deny. The unconditional Deny rule causes the policy to deny access if none of the permit access rules evaluate to true.

22. Click OK.

This scenario uses the following settings in the policy editor.

• Precedence: Permit
• Attributes: Optional
• Rule 1: If riskScore <=40 and not (ipReputation has member Malware) Then Permit
• Rule 2: Deny

Parent topic: Policy scenarios