In an environment where Network Security is enabled and uses Allow Rules, Workspace Control does not allow any connections by default. The connections that users need to do their job, must be specifically authorized.
For example, it is not enough to give the administrators of a company's Linux servers an SSH client in their Workspace Control sessions. For the administrators to do their work, the SSH client must be authorized to connect to the Linux servers using TCP/IP over a given port. This can be achieved by creating application-level Authorized Connections for the SSH client, authorizing incoming and outgoing TCP/IP communication over port 22 to the relevant hosts.
Additional restrictions can be added as required. For example:
Workspace Control on the authorized connection can restrict the authorized connection to a specific set of workstations. The authorized connection will only be available from computers in that Workspace, but not from other computers.
You can create a separate authorized connection for each Linux server, and restrict each authorized connection to a set of specific administrators, so that, for example, only administrators who work in the London office can access the servers for the London office, while only the French administrators can access the servers for the French office.
Instead of application-based Authorized Connections, you can create global ones with the relevant Access and Workspace Control.
With Allow Rules, the list of blocked connections is ignored.