Path: Policies → Server Access
The page
The Server Access policy page is a single ordered table of rules, grouped by priority bucket.
A built-in Implicit Policy row sits at the bottom in the Low bucket with everything set to Any and Action Drop the traffic. It catches everything not explicitly allowed and cannot be deleted — it can only be out-prioritized by other rules.
First added policy has more precedence in the same priority bucket. Order within a priority bucket matters.
Adding a rule
1
Navigate to Server Access
Go to Policies → Server Access and click Add Secure Server Access Policy +.
2
Fill in the rule details
- Name — descriptive (e.g. DevOps SSH to prod).
- Priority — dropdown. Default High. Other values: Medium, Low.
- Source — dropdown of Usergroups and users from Managing Users & Groups. Tick Any to apply to all sources.
- Destination — dropdown of registered Secure Servers from Managing Secure Servers. Tick Any Server to apply to all.
- Service — dropdown of services/ports defined as Objects. Tick Any to apply to all services.
- Action — radio buttons: Accept the traffic (permit) or Drop the traffic (block).
3
Save
Click Save. The rule appears in the table in the priority bucket you chose.
Editing a rule
Click the edit icon on the rule’s row, change the relevant fields, and save.Deleting a rule
Click the delete icon on the rule’s row and confirm. The implicit deny-all row at the bottom cannot be deleted.Things to remember
- Default is deny. Until you add an Accept the traffic rule, no one can reach any Secure Server through Osto.
- Order within a priority bucket matters — the first matching rule wins. If two rules in the Medium bucket both match, the one you added first takes effect.
- Use specific over generic. Prefer user → specific server → specific service rules over broad Any rules. The audit trail in Logs → Secure Server is far more useful that way.
Related
- Managing Secure Servers — register the servers these rules target.
- Managing Users & Groups — define the Sources.
- Core Concepts — the model behind Objects (Services, Ports, Schedules).

