[clady]

Hello,

I have to configure access control rules to allow Internet access, through a proxy server, but I've also to disallow access to our internal servers, for security reasons.

So I'm trying to write the needed rules but I noticed that BES 4.1, unlike the 4.0 version, doesn't allow the usage of regular expression.

In fact, every special char it is converted to its plain text format. For example "\w" is converted to "\\w" or "^" to "\^".

In my opinion, the convertion has done by the BlackBerry Manager GUI because regular expressions defined on the previous version were correctly imported during the upgrade.

Can you help me to understand how can write complex rules, taking into account also that rules are evaluated independently by their position (deny seems to wins over all, even if there's a more specific allow rule)?

Should I try to write the rules writing them on the Manager and then modifying the respective fields directly on SQL DB? I tryed this solution on a test environment but, although it seems to work fine, it doesn't seems to me the right way....

Thanks.

[fadmin]

Read this as it may help:
View Document

[clady]

Thank you very much but as you can see, the document reports a different procedure for each of the two BES version 4.0 and 4.1.
In the second one, unlike the 4.0 version, the Manager doesn't admit regular expression but only the usage of "*" char.
And this is not enough for me that have to configure more complex rules in order to both give Internet access and blocking traffic to internal servers.
I can confirm that also today I tryed to modify the rules directly on the SQL server, of our test environment, and regular expressions worked fine.
So this restriction seems to be introduced by the GUI.
Another problem is that it's not clear to me how rules are evaluated. "Deny" seems to win over all, even if there is a more specific "allow" rule. Strange overall is the fact that rules are evaluated independently of their position.

I'm seriously taking into account to use a firewall to control the traffic, but in this case I'll loose the possibility to make user based access control.

So, other suggestions are still welcome.