Skip Navigation

Controlling network access

You define the network resources that devices enrolled with
can connect to using the access control list (ACL). The ACL defines allowed and blocked destinations on private and public networks. The ACL applies only to users that are assigned a Gateway Service policy.
The ACL applies to all
users in the tenant. Each network access attempt by a device is evaluated against the rules, in order, for each connection phase (DNS lookup, connection establishment, and TLS handshake) until a rule that matches the attempt is found. The rule must match on all specified properties including destination or destination categories, specified users or groups, and the risk level determined for the destination. The first matching rule determines whether the access attempt is blocked or allowed to continue to the next phase. An access attempt that is allowed through all of its phases can be fully established. If a network access attempt does not match any rule in the ACL, access is blocked. The ACL supports a maximum of 1000 rules.