Product Documentation

Secure Mobile Gateway Policies and Rules

Sep 27, 2015
You configure ActiveSync policies and rules to allow or deny access to all users, user groups, individual users, all devices, device types, individual devices, or device user agent strings. The default Secure Mobile Gateway configuration includes a number of basic policies that you can view on the Policies tab of the configuration utility.

Secure Mobile Gateway uses filter-based rules to allow or block access. A particular client request is evaluated against the organization's rules with the end result being a binary state of allowed (the client is permitted to contact the CAS server) or blocked (the client request is dropped and access to the CAS is not permitted).

Secure Mobile Gateway uses a two-tiered filter model. The first tier parses the incoming HTTP requests based on path-specific information, and the second tier filters based on user and/or device specific information. You configure filters in XenMobile Device Manager. Specific filter rules pertaining to the user accounts and devices in your organization are stored in the Secure Mobile Gateway XML configuration files.

To configure custom policies by editing the Secure Mobile Gateway XML file

You can view the basic policies in the default configuration on the Policies tab of the configuration tool. If you want to create custom policies, you can edit the XML configuration file (config\config.xml).

  1. Find the PolicyList section in the file and add a new Policy element.
  2. If a new Group is also required, such as an additional static group or to support an additional GCP, add the new Group element to the GroupList section.
  3. Optionally, you can change the ordering of Groups within an existing Policy by rearranging the GroupRef elements.