24-Zero trust policy
This help contains the following topics:
· Configure zero trust policy settings
Introduction
The zero trust policy defines the permissions for users to access assets based on the security status of the user and the asset. The device uses the specified risk engine to evaluate the security status of users and assets, and implements policy-based access control on access requests according to the evaluation information.
Configure zero trust policy settings
1. Click the Policies tab.
2. In the navigation pane, select Zero Trust > Zero Trust Policy.
3. Configure zero trust policy settings.
Table 1 Zero trust policy configuration items
Item | Description |
---|---|
Risk engine URL | Enter the risk engine URL. The device can use the risk engine to evaluate security status of users and assets. The risk engine URL is a case-insensitive string in the format of protocol type://server IP address:port number/resource path, where: · The protocol type is HTTP or HTTPS. The default is HTTP. · The server IP address can only be an IPv4 address. |
Controller VRF | Specify the name of the VPN instance to which the risk engine belongs. The name is a case-sensitive string. |
Enable zero trust policy | Select the option to enable the zero trust policy feature. After you select this option, you can click View connectivity to test the connectivity between the device and the specified risk engine. The device predefines 16 policies. You can edit actions for the policies, but you cannot create or delete policies. If the zero trust policy feature is disabled, the device cannot collaborate with the risk engine to evaluate security status of users and assets. |
4. To view the security status of users or assets obtained from the risk engine, click the Risky User Info or Risky Asset Info tab.
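The risk engine URL rules in Table 1 can be checked before a value is entered on the device. The following Python code is an added example, not vendor code: the function name, the sample addresses (documentation range 192.0.2.0/24), and the strict reading that protocol, port, and resource path must all be present are assumptions. It also flags HTTP, the default protocol, because HTTP does not encrypt the exchange with the risk engine.

```python
import ipaddress
from urllib.parse import urlsplit


def check_risk_engine_url(url):
    """Return (ok, findings) for a candidate risk engine URL.

    Format from Table 1: protocol://IPv4:port/path, protocol HTTP or HTTPS,
    compared case-insensitively. Requiring every part is an assumption.
    """
    findings = []
    try:
        parts = urlsplit(url.strip())
        port = parts.port  # raises ValueError on a non-numeric or out-of-range port
    except ValueError as exc:
        return False, [f"unparseable URL: {exc}"]

    scheme = parts.scheme.lower()  # the string is case-insensitive
    if scheme not in ("http", "https"):
        findings.append("protocol type must be HTTP or HTTPS")
    try:
        ipaddress.IPv4Address(parts.hostname or "")
    except ValueError:
        findings.append("server must be an IPv4 address (no hostname, no IPv6)")
    if port is None:
        findings.append("port number missing")
    if not parts.path.startswith("/") or parts.path == "/":
        findings.append("resource path missing")
    if parts.username or parts.password:
        findings.append("embedded credentials are not part of the format")

    ok = not findings
    if ok and scheme == "http":
        # Valid per the table, but worth a review comment before deployment.
        findings.append("warning: HTTP sends risk evaluations in cleartext")
    return ok, findings


if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    samples = [
        "HTTPS://192.0.2.10:8443/risk/api",
        "http://192.0.2.10:8080/risk/api",
        "https://risk.example.com:8443/risk/api",
        "https://[2001:db8::1]:8443/risk/api",
        "https://192.0.2.10/risk/api",
    ]
    for s in samples:
        print(s, "->", check_risk_engine_url(s))
```
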