Create a web security policy

You can create a security policy that requires users to log in from a specific IP address or range of IP addresses. For example, to allow OEM Cloud users to log in only from certain systems, use the CIDR (Classless Inter-Domain Routing) setting.

Note You can also Remove a web security policy after it has been created.

1. Click Security > Policies.
2. Click Web.
3. Click Add in the Policies panel. The Add New Policy dialog appears.
4. Type a name and description for the policy. For example, if the policy will apply to a site or office location, provide the name and description for that site.
5. Click Add.
6. Select the new policy from the Policies list.
7. Click Add in the Rules panel. The Add New Rule dialog appears.
8. Select CIDR Block from the drop-down menu.
9. Type the rule. You must provide an IP address with wildcards that specify the value for the 32-bit IP address. You can use a CIDR converter, if needed. Examples:
• 192.0.0.0/8 (allow any IP address that starts with 192)
• 192.168.0.0/16 (allow any IP address that starts with 192.168)
• 192.168.1.0/24 (allow any IP address that starts with 192.168.1)
• 192.168.1.27/32 (only allow IP address 192.168.1.27)
10. Provide a description of the rule. For example: "Log in allowed from IP address ranges from 192.168.1 to 255".
11. Click Add. The rule displays in the Rules pane.
12. You can remove a rule that is not needed.
    1. In the Rules pane, select the rule you want to remove. The Remove button appears in the toolbar.
    2. Click Remove.
13. Apply the new security policy to one or more users from the Security > Users tab. See Assign a web security policy to a user.