How to configure MyNetwork rule in Policy Manager autoselect

This article describes how you can configure the MyNetwork rule in F-Secure Policy Manager.
MyNetwork works using a single IP address.
If the IP is in the same network as the workstation (based on the calculations from the IP netmask & IP address of the workstation), the rule will return "true" as the value.
- E.g. your IP is 192.168.1.15 and the netmask is 255.255.255.0. If the MyNetwork rule is set to "192.168.1.1" -> true.
- If the network configuration is the same but MyNetwork is set to "192.168.2.21" -> false.
To use the Security Level Autoselection feature, you can use different criteria. The most common criteria are DNS server and gateway IP addresses. You should not use the client IP if you are using DHCP without reservations.
To enable MyNetwork Autoselection:
- Make sure that Security Level Autoselection is enabled. To enable Security Level Autoselection, select User can change or Admin fullcontrol from the Autoselect Mode drop-down list.
- Click Add to add the first security level (in this example Office).
- You can enter the data in the cells by selecting a cell and clicking Edit. For the Office security level you should add the following data:
- Priority: The rules are checked in the order defined by the priority numbers, starting from the smallest number.
- Security level: Enter here the ID (composed of a number and a name) of the security level, for example 40 office.
- Method 1: Select DNS Server IP Address from the drop-down list.
- Argument 1: Enter here the IP address of your local DNS server, for example 10.128.129.1.
- Method 2: Select Default Gateway IP Address from the drop-down list.
- Argument 2: Enter the IP address of your default gateway, for example 10.128.130.1.

You can only use one argument, for example one IP address, in the Argument field. If there are several default gateways in use in your company and you want to use all of them in the Security Level Autoselection, you can create a separate rule for each of them in the table.

- The first security level is now ready. Click Add to add the second security level (in this example Mobile).
- Enter the data in the cells by selecting a cell and clicking Edit. For the Mobile security level you should add the following data:
- Priority: The rules are checked in the order defined by the priority numbers, starting from the smallest number.
- Security level: Enter here the ID of the security level, for example 20 mobile.
- Method 1: Select Dialup from the drop-down list.
- Argument 1: You can leave this empty.
- Method 2: Select Always from the drop-down list.
- Argument 2: You can leave this empty.
The configuration is now ready.
Please refer to Chapter "Configuring security level autoselection" in the F-Secure Policy Manager Administrator's guide. The combination of Method 1 and Method 2 is treated as a logical "and" operation, so both of them need to return "true" to activate the profile. In most cases, it is recommended to use two methods to identify the network properly.
Usually the combination of the DNS server address and the default gateway address is a fairly good way to identify the network. On some occasions, this is not possible and you'll need to use the other methods. Remember to define one method1=always & method2=always rule as the last one (lowest priority, checked last). This will be the "fallback" profile which will be activated if no other rule above it returns true.
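
The logic described in this article (the MyNetwork subnet test, priority ordering, the "and" of Method 1 and Method 2, and the fallback rule) can be checked against a planned rule table with a small model. This is an added example, not F-Secure code: the method keys, host fields, fallback level name and the `None` result for "no rule matched" are assumptions made for the illustration.

```python
# Added illustration: models the rule logic this article describes; not F-Secure code.
# Method keys, host fields and the fallback level name are assumptions.
import ipaddress

def my_network(host_ip, netmask, argument):
    """True if `argument` is in the subnet given by the host IP and netmask."""
    net = ipaddress.ip_network(f"{host_ip}/{netmask}", strict=False)
    return ipaddress.ip_address(argument) in net

# Each method takes (host state, argument) and returns True or False.
METHODS = {
    "always": lambda host, arg: True,
    "dns": lambda host, arg: arg in host["dns_servers"],
    "gateway": lambda host, arg: arg == host["gateway"],
    "dialup": lambda host, arg: host["dialup"],
    "mynetwork": lambda host, arg: my_network(host["ip"], host["netmask"], arg),
}

def select_level(rules, host):
    """Return the level of the first rule, by ascending priority number,
    whose Method 1 AND Method 2 both return True; None if no rule matches."""
    for rule in sorted(rules, key=lambda r: r["priority"]):
        m1, a1 = rule["method1"]
        m2, a2 = rule["method2"]
        if METHODS[m1](host, a1) and METHODS[m2](host, a2):
            return rule["level"]
    return None

FALLBACK = "FALLBACK-LEVEL (placeholder)"  # the article names no fallback level
# Constructed rule table using the article's example values.
RULES = [
    {"priority": 1, "level": "40 office",
     "method1": ("dns", "10.128.129.1"), "method2": ("gateway", "10.128.130.1")},
    {"priority": 2, "level": "20 mobile",
     "method1": ("dialup", ""), "method2": ("always", "")},
    {"priority": 3, "level": FALLBACK,
     "method1": ("always", ""), "method2": ("always", "")},
]

# Constructed host states: one on the office network, one on a home LAN.
OFFICE = {"ip": "10.128.130.15", "netmask": "255.255.255.0", "dialup": False,
          "dns_servers": ["10.128.129.1"], "gateway": "10.128.130.1"}
HOME = {"ip": "192.168.1.15", "netmask": "255.255.255.0", "dialup": False,
        "dns_servers": ["192.168.1.1"], "gateway": "192.168.1.1"}

if __name__ == "__main__":
    print("office host ->", select_level(RULES, OFFICE))
    print("home host   ->", select_level(RULES, HOME))
    print("home host, no fallback rule ->", select_level(RULES[:2], HOME))
```

In this model, the home host matches no rule when the always/always rule is left out, which is the gap the fallback rule closes.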