Frequently Asked Question

Access Profile Definition
Last Updated about an hour ago

To configure your GENAccess policies, please profile the information below and return it to the helpdesk. Each section explains what is needed and why.


1. User or Group Being Granted Access

Specify who this policy applies to. This is typically a named user, a job role, or a group (e.g., Active Directory or identity provider group).

  • User(s) / Group(s): (e.g., finance-team, john.smith@example.com)

2. Exit Nodes (Internet Egress)

An exit node routes a peer's internet traffic through a designated gateway, providing a predictable egress IP address. Leave blank if any exit node is allowed.

  • Which exit node(s) are permitted? (e.g., uk-exit-01, or "any available")

3. Permitted Subnets / Routes

List the network ranges the user should be able to reach. These are advertised routes — typically internal LAN segments or specific subnets behind a relay peer.

Subnet (CIDR) Description
e.g. 192.168.1.0/24 Office LAN
e.g. 10.10.0.0/16 Server VLAN
  • If entire LAN access is required, state the LAN range and confirm full access is intended.
  • If access should be restricted to specific hosts, list individual IPs (e.g., 10.10.0.50/32).

4. Access Policy Rules (Ports & Protocols)

For each subnet or host above, define what traffic is permitted. If no restriction is needed (full access), state "all traffic".

Source (User/Group) Destination (Host or Subnet) Protocol Port(s) Purpose
e.g. finance-team 10.10.0.50/32 TCP 443 Internal web app
e.g. finance-team 192.168.1.0/24 Any All Full LAN access
e.g. dev-team 10.10.0.20/32 TCP 22 SSH to dev server

Common protocol/port examples for reference:

  • RDP — TCP 3389
  • SSH — TCP 22
  • HTTPS — TCP 443
  • SMB (file shares) — TCP 445
  • All traffic — Protocol: Any, Ports: All

5. Posture Checks

Posture checks enforce device compliance before access is granted. Indicate which checks should apply to this policy.

Check Requirement Example Value
NetBird client version Minimum version e.g. 0.28.0
Operating system Allowed OS types e.g. Windows 11, macOS 14+
OS version (minimum) Minimum build/version e.g. Windows 10.0.19041
Geo-location Permitted countries e.g. United Kingdom, Ireland
Network (peer IP range) Restrict by source network e.g. 82.x.x.x/24 (office IP)
  • If no posture checks are required, explicitly state "No posture checks".
  • If you are unsure, the helpdesk can advise on appropriate checks based on your risk profile.

6. Policy Direction

Policies are directional. Confirm the required direction:

  • Bidirectional — the user peer and the destination can initiate connections to each other.
  • Unidirectional — only the user peer can initiate connections (most common for remote access).

7. Additional Notes

Include any time-based restrictions, temporary access requirements, or other constraints not covered above.

This website relies on temporary cookies to function, but no personal data is ever stored in the cookies.
OK
Powered by GEN UK CLEAN GREEN ENERGY

Loading ...