Rules and Policies
==================

## Rules

A Rule defines allowed connection sources (Users, Groups, Servers, Server Groups) and destination protocols/ports. Rules can be managed via the Hub's Web UI or API.

Connection destinations (Servers and Server Groups) are defined when you create a Policy. Rules are applied only when added to a Policy.

A Rule consists of several fields described below. Rule changes are effective the moment they are saved or updated.

__Name__

A name for the Rule, e.g. "Allow SSH access for developers", or "Allow web access for Testers", or "Allow RDP for admins". The name should reflect the sources and allowed ports/protocols that the Rule defines. The destinations that the Rule applies to are configured later, on the Policies page.

__Destination protocol__

Options are `TCP`, `UDP`, `ICMP`, `Any Protocol`. This defines the destination protocol permitted by this Rule. For unlisted protocols, select `Any Protocol` and filter using your Server's OS or firewall.

__Destination ports__

A single number or a comma-separated list of numbers, with optional dashed ranges, defining the allowed ports for the Rule. Leave blank for rules that are not of type TCP or UDP. E.g.: `80,443,7000-8000`

__Source Users__

A list of User IDs that are permitted as sources by the Rule.

__Source Groups__

A list of User Groups whose members are permitted as sources by the Rule.

__Source Servers__

A list of Servers that are permitted as sources by the Rule.

__Source Server Groups__

A list of Server Groups whose members are permitted as sources by the Rule.

## Policies

A Policy defines a list of target (destination) Servers and a set of one or more previously defined Rules (which define sources) that govern connectivity permissions. Policies can be managed via the Hub's Web UI or API.

A Policy consists of several fields described below. Policy changes are effective the moment they are saved or updated.

__Name__

A name for the Policy, e.g. "Development Server Remote Access", or "Production web server frontend access", or "Backend database access". The name should reflect the target systems that the Policy defines, along with the Rules (sources and protocols) that are added to the Policy.

__Description__

An optional description of the Policy, for reference by Hub admin users.

__Rules__

A list of previously defined Rules used by the Policy.

__Target Servers__

A list of Servers that are targeted by the Policy.

__Target Server Groups__

A list of Server Groups whose members are targeted by this Policy.
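
The sketch below is an added example, not code from the Hub or its API: it parses the `Destination ports` syntax and models how a Rule only takes effect through a Policy that names the destination. The prefixed identifiers (`group:developers`, `servergroup:dev`), the default-deny result and the fail-closed handling of blank ports on TCP/UDP rules are assumptions of the sketch.

```python
import re
from dataclasses import dataclass, field
PORT_ITEM = re.compile(r"([0-9]{1,5})(?:-([0-9]{1,5}))?")

def parse_ports(spec):
    """Parse a 'Destination ports' value such as '80,443,7000-8000' into ranges."""
    if not spec.strip():
        return []  # blank is valid: the field is left empty for non-TCP/UDP rules
    ranges = []
    for part in spec.split(","):
        m = PORT_ITEM.fullmatch(part.strip())
        lo, hi = (int(m[1]), int(m[2] or m[1])) if m else (0, 0)
        if not 1 <= lo <= hi <= 65535:
            raise ValueError(f"invalid port or range: {part!r}")
        ranges.append(range(lo, hi + 1))
    return ranges

@dataclass
class Rule:
    name: str
    protocol: str  # "TCP", "UDP", "ICMP" or "Any Protocol"
    ports: str = ""
    sources: set = field(default_factory=set)  # prefixed ids (assumed naming)

    def permits(self, source_ids, protocol, port=None):
        if not self.sources & source_ids:
            return False
        if self.protocol == "Any Protocol":
            return True
        if self.protocol != protocol:
            return False
        # ICMP has no ports. Assumption: TCP/UDP with blank ports matches nothing.
        return protocol not in ("TCP", "UDP") or any(
            port in r for r in parse_ports(self.ports))

@dataclass
class Policy:
    name: str
    rules: list
    targets: set  # prefixed Server / Server Group ids (assumed naming)

def is_allowed(policies, source_ids, target_ids, protocol, port=None):
    """Assumed default deny: a Policy must target the destination and hold a permitting Rule."""
    return any(p.targets & target_ids and any(r.permits(source_ids, protocol, port) for r in p.rules)
               for p in policies)

# Constructed sample data; the names follow the page's examples.
SSH_DEVS = Rule("Allow SSH access for developers", "TCP", "22", {"group:developers"})
RDP_ADMINS = Rule("Allow RDP for admins", "TCP", "3389", {"group:admins"})  # in no Policy
POLICIES = [Policy("Development Server Remote Access", [SSH_DEVS], {"servergroup:dev"})]
```

Running a proposed Rule and Policy set through a check like this before saving is useful because changes take effect the moment they are saved.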