NetExtender Configuration | 195NetExtender > Client RoutesThis section provides an overview of the NetExtender > Client Routes page and a descriptionof the configuration tasks available on this page.• “NetExtender > Client Routes Overview” section on page 195• “Adding NetExtender Client Routes” section on page 195NetExtender > Client Routes OverviewThe NetExtender > Client Routes page allows the administrator to add and configure clientroutes.Figure 28 NetExtender > Client RoutesAdding NetExtender Client RoutesThe NetExtender client routes are passed to all NetExtender clients and are used to governwhich private networks and resources remote user can access via the SRA connection.Group-level NetExtender routes should be assigned from both primary and additional groups ifthe user-level option to “Add Group NetExtender Client Routes” is enabled. User-level NXroutes must always be pushed to the NX client, and global routes must still depend on the “AddGlobal NetExtender Client Routes” option as they did before. IPv4 and IPv6 routes both followthese rules.Note With group access policies, all traffic is allowed by default. This is the opposite of the defaultbehavior of Dell SonicWALL Unified Threat Management (UTM) appliances, where allinbound traffic is denied by default. If you do not create policies for your SRA appliance, thenall NetExtender users may be able to access all resources on your internal network(s).Additional allow and deny policies may be created by destination address or address range andby service type.Note The most specific policy will take precedence over less specific policies. For example, apolicy that applies to only one IP address will have priority over a policy that applies to arange of IP addresses. If there are two policies that apply to a single IP address, then a