SANGFOR IAM v2.1 User Manual
used for connecting to a third-party device.
For example, suppose there are two requirements: a) allow a user to access only the WEB service
provided by the headquarters WEB server (other services are unavailable to this user); b) allow
one IP address of the branch VPN “branch1” to access the SQL server of the headquarters (other IP
addresses of this branch are unable to access this server).
To meet them, you have to configure the privileges of the relevant VPN user for specific services,
so as to ensure the security of the VPN channels and achieve secure management.
Generally speaking, configuring a user's privilege to access a LAN service takes two steps:
a) create the LAN service; b) configure the privileges of the corresponding user.
Take the following case as an example: allow one IP address (172.16.1.200) of branch1 to
access the FTP server (192.168.1.20) of the headquarters; requests for other services and
requests initiated by other IP addresses are denied. The detailed configuration steps are as
follows:
On the default [LAN Service] configuration page, click the <New> button to open the [Edit
LAN Service] configuration dialog, as shown below: