Hi Christof-
This can be achieved in a single policy using a branching folder in your policy logic. I have attached a sample policy in xml below.
-{Folder} At Least One Must Be True
* Assertion: Require SSL with Client Certificate Authentication
<OR>
*Assertion: Allow Access to IP Address Range [198.176.1.0/24]
Composing Policy Logic - CA API Gateway - 9.2 - CA Technologies Documentation
Best practice tips: Optimize the order of assertions in your policy. Since policy execution for a branch halts upon failure, put your "cheapest" or most "lightweight" assertions earlier in your policy. For example: If SSL is always required, check for it early on in your policy. Checking for SSL is very fast and it quickly discards attack attempt with non-SSL messages.
"Quick" assertions are those that simply check for the existence of certain data; examples include:
--- SAMPLE POLICY XML ---
<?xml version="1.0" encoding="UTF-8"?>
<exp:Export Version="3.0"
xmlns:L7p="http://www.layer7tech.com/ws/policy"
xmlns:exp="http://www.layer7tech.com/ws/policy/export" xmlns:wsp="http://schemas.xmlsoap.org/ws/2002/12/policy">
<exp:References/>
<wsp:Policy xmlns:L7p="http://www.layer7tech.com/ws/policy" xmlns:wsp="http://schemas.xmlsoap.org/ws/2002/12/policy">
<wsp:All wsp:Usage="Required">
<wsp:OneOrMore wsp:Usage="Required">
<L7p:SslAssertion>
<L7p:RequireClientAuthentication booleanValue="true"/>
</L7p:SslAssertion>
<L7p:RemoteIpAddressRange/>
<L7p:assertionComment>
<L7p:Properties mapValue="included">
<L7p:entry>
<L7p:key stringValue="LEFT.COMMENT"/>
<L7p:value stringValue="Branch for SSL or IP"/>
</L7p:entry>
</L7p:Properties>
</L7p:assertionComment>
</wsp:OneOrMore>
</wsp:All>
</wsp:Policy>
</exp:Export>