
Policy

Define authentication and authorization rules. Authentication decides who can connect and create secure tunnels to a network. Authorization decides, once a tunnel exists, who can access which services.

Where It Works

Policy

Authentication (Authn)

Access to networks is decided on a first-match-wins basis, and the default is DENY. Rules are evaluated from top to bottom; the first rule that matches executes its action (allow or deny). If no rule matches, the request is denied.

Let's examine the rule below.

Policy Authentication

If the user belongs to the group devops, the rule allows them (because its action is allow) to create secure tunnels to the network dev.

Ip Profile


  • IPs on the custom whitelist or the IP-intelligence whitelist are allowed immediately.
  • Then, IPs on the blacklist or identified as VPN, Tor, etc. are denied immediately.
  • Then, only IPs from the selected countries are allowed.
The order matters: a whitelisted IP passes even if the same address is also blacklisted, and the country check only applies to addresses that are on neither list.
Time Profile


  • Allow if the time is between 09:00 and 17:00 on Monday, Tuesday, Wednesday, Thursday or Friday, evaluated in the America/New_York timezone.

Warning

The timezone only determines how the time window is interpreted; it says nothing about where the client is located. Use an IP profile if you need to restrict by country.

Device Posture


  • Check whether the device's posture matches one of the selected profiles. Profiles are created under settings/device posture.

Warning

Test a posture rule against real devices before relying on it; a mismatched profile silently falls through to the next rule or to the default DENY.

Authorization (Authz)

Access to services is decided on a first-match-wins basis with a default of DENY, like authentication. Rules are evaluated from top to bottom; the first matching rule allows the request, and if no rule matches, the request is denied.

Let's examine the rule below.

Policy Authorization

If the connection comes from the network dev to the service test-map, and the user belongs to the group devops, then allow it.
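The following is an added example, not code from the product or this documentation. It models the evaluation order described on this page for both sections: the authentication rules (group plus optional IP profile and time profile, first match executes its action, otherwise DENY) and the authorization rules (network plus service plus group, first match allows, otherwise DENY). The dataclass shapes, the helper names (evaluate_authn, evaluate_authz, at_utc), and all IP ranges, groups, networks and services are this example's own assumptions and constructed sample data; the real rule schema is not shown on this page.

```python
"""Toy first-match policy evaluator (added example, not the product's code).

Assumptions of this example, not taken from the product:
  - the rule and profile shapes below are invented for illustration
  - all IP ranges, groups, networks and services are constructed sample data
Reproduced from the page: rules are evaluated top to bottom, the first match
executes its action, no match means DENY; an IP profile checks whitelist,
then blacklist/VPN/Tor, then country; a time profile is read in its own timezone.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network
from typing import Optional
from zoneinfo import ZoneInfo

ALLOW, DENY = "allow", "deny"


@dataclass
class IpProfile:
    whitelist: list   # custom whitelist + IP-intelligence whitelist (CIDR strings)
    blacklist: list   # blacklist + VPN / Tor / proxy ranges
    countries: set    # allowed ISO country codes

    def allows(self, ip: str, country: str) -> bool:
        addr = ip_address(ip)
        # 1. whitelist wins immediately, even if the same address is blacklisted
        if any(addr in ip_network(n) for n in self.whitelist):
            return True
        # 2. blacklist / VPN / Tor denies immediately
        if any(addr in ip_network(n) for n in self.blacklist):
            return False
        # 3. otherwise only the selected countries pass
        return country in self.countries


@dataclass
class TimeProfile:
    start: str   # "HH:MM", inclusive
    end: str     # "HH:MM", exclusive
    days: set    # weekday numbers, 0 = Monday .. 6 = Sunday
    tz: str      # IANA zone used to read the clock; says nothing about client location

    def allows(self, when: datetime) -> bool:
        local = when.astimezone(ZoneInfo(self.tz))
        hhmm = local.strftime("%H:%M")   # zero-padded, so string comparison is safe
        return local.weekday() in self.days and self.start <= hhmm < self.end


@dataclass
class AuthnRule:
    groups: set
    network: str
    action: str = ALLOW
    ip_profile: Optional[IpProfile] = None
    time_profile: Optional[TimeProfile] = None


@dataclass
class AuthzRule:
    network: str
    service: str
    groups: set


def evaluate_authn(rules, network, user_groups, ip, country, when):
    """Who may open a tunnel to `network`: first matching rule's action, else DENY."""
    for rule in rules:
        if rule.network != network or not (rule.groups & user_groups):
            continue
        if rule.ip_profile and not rule.ip_profile.allows(ip, country):
            continue
        if rule.time_profile and not rule.time_profile.allows(when):
            continue
        return rule.action   # first match, first execute
    return DENY              # nothing matched


def evaluate_authz(rules, network, service, user_groups):
    """Who may reach `service` from `network`: first matching rule allows, else DENY."""
    for rule in rules:
        if rule.network == network and rule.service == service and (rule.groups & user_groups):
            return ALLOW
    return DENY


def at_utc(year, month, day, hour, minute):
    """Helper: build a timezone-aware UTC timestamp for a request."""
    return datetime(year, month, day, hour, minute, tzinfo=timezone.utc)


# Constructed sample policy mirroring the page's examples (hypothetical data).
DEV_IP_PROFILE = IpProfile(
    whitelist=["203.0.113.0/24"],                      # constructed "office" range
    blacklist=["203.0.113.0/25", "198.51.100.0/24"],   # overlaps the whitelist + a "Tor" range
    countries={"US"},
)
BUSINESS_HOURS = TimeProfile("09:00", "17:00", {0, 1, 2, 3, 4}, "America/New_York")
AUTHN_RULES = [AuthnRule({"devops"}, "dev", ALLOW, DEV_IP_PROFILE, BUSINESS_HOURS)]
AUTHZ_RULES = [AuthzRule("dev", "test-map", {"devops"})]

if __name__ == "__main__":
    # Wednesday 2024-01-10 14:00 UTC is 09:00 in New York: inside the window.
    print(evaluate_authn(AUTHN_RULES, "dev", {"devops"}, "203.0.113.10", "DE", at_utc(2024, 1, 10, 14, 0)))  # allow
    print(evaluate_authn(AUTHN_RULES, "dev", {"devops"}, "192.0.2.10", "US", at_utc(2024, 1, 10, 13, 0)))    # deny
    print(evaluate_authz(AUTHZ_RULES, "dev", "test-map", {"devops"}))   # allow
    print(evaluate_authz(AUTHZ_RULES, "prod", "test-map", {"devops"}))  # deny
```

The two timestamps in the usage block show the timezone caveat from the warning above: 13:00 UTC is 08:00 in New York in January (denied) but 09:00 in July under daylight time (allowed), so the same UTC instant can fall on either side of the window depending on the profile's zone, not the client's.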