Configuring CSAP trusted access control
About CSAP trusted access control
Threat Discovery and Security Operations Platform (CSAP) trusted access control enables the device to collaborate with the CSAP trusted access controller to obtain the security status of users and assets. Upon receiving an access request from a user, the device takes the relevant action based on the security status of the user and the asset and on the specified trusted access policy.
In a zero trust scenario, you can use this feature to control access permissions for users to specific assets.
Configuring CSAP trusted access control settings
About this task
The device collaborates with the CSAP trusted access controller to obtain the security status of users and assets, and controls access permissions for users to specific assets based on the specified trusted access policy.
Procedure
1. Enter system view.
system-view
2. Enter CSAP trusted access controller view.
trusted-access controller csap
3. Specify the peer service URL used for providing trusted access control services.
peer-service url service-url
By default, no peer service URL is specified.
4. (Optional.) Specify an SSL client policy used for establishing an SSL connection to the trusted access controller.
ssl-client-policy policy-name
By default, no SSL client policy is specified for establishing an SSL connection to the trusted access controller.
This command is required if the protocol type is HTTPS for the peer service URL.
5. (Optional.) Specify a VPN instance for the trusted access controller.
vpn-instance vpn-instance-name
By default, no VPN instance is specified for the trusted access controller.
Configuring a CSAP trusted access policy
About this task
A CSAP trusted access policy defines user access permissions to assets based on the security status of users and assets.
Perform this task to configure trusted access rules that specify the action to take on a user request to access an asset, based on the security status of the user and the asset.
Restrictions and guidelines
The device predefines 16 trusted access rules that can be edited. You cannot create or delete rules.
Procedure
1. Enter system view.
system-view
2. Enter CSAP trusted access policy view.
trusted-access policy csap
3. Configure a trusted access rule.
rule user-risk-level { fallen | high-risk | low-risk | trust } asset-risk-level { fallen | high-risk | low-risk | trust } action { allow | deny }
By default, the trusted access rule settings are as shown in Table 1.
Table 1 Default trusted access rule settings
User security status | Asset security status | Action |
---|---|---|
Compromised | Compromised | Deny |
Compromised | High risk | Deny |
Compromised | Low risk | Deny |
Compromised | Trusted | Deny |
High risk | Compromised | Deny |
High risk | High risk | Deny |
High risk | Low risk | Deny |
High risk | Trusted | Deny |
Low risk | Compromised | Deny |
Low risk | High risk | Deny |
Low risk | Low risk | Allow |
Low risk | Trusted | Allow |
Trusted | Compromised | Deny |
Trusted | High risk | Deny |
Trusted | Low risk | Allow |
Trusted | Trusted | Allow |
4. Enable the CSAP trusted access policy.
service enable
By default, the CSAP trusted access policy is disabled.
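The following audit script is an added example, not part of the vendor guide or its tooling: it overlays rule lines written in the step 3 syntax on the Table 1 defaults, then reports pairs allowed beyond the default and allow/deny combinations that contradict each other. It assumes the keywords fallen, high-risk, low-risk and trust correspond to Compromised, High risk, Low risk and Trusted, in that order of decreasing risk; the sample configuration text is constructed.

```python
import re

# Risk keywords from the rule syntax in step 3, ordered most to least risky
# (the ordering is an assumption of this example).
LEVELS = ["fallen", "high-risk", "low-risk", "trust"]
RULE_RE = re.compile(r"^\s*rule\s+user-risk-level\s+(\S+)\s+asset-risk-level"
                     r"\s+(\S+)\s+action\s+(allow|deny)\s*$")

def default_rules():
    """Table 1: allow only when user and asset are both low-risk or trust."""
    ok = {"low-risk", "trust"}
    return {(u, a): "allow" if u in ok and a in ok else "deny"
            for u in LEVELS for a in LEVELS}

def effective_rules(config_text):
    """Overlay every rule line found in config_text on the 16 defaults."""
    rules = default_rules()
    for line in config_text.splitlines():
        m = RULE_RE.match(line)
        if not m:
            continue
        user, asset, action = m.groups()
        if user not in LEVELS or asset not in LEVELS:
            raise ValueError(f"unknown risk level: {line.strip()}")
        rules[(user, asset)] = action
    return rules

def loosened(rules):
    """Pairs allowed now that Table 1 denies."""
    base = default_rules()
    return sorted(k for k, v in rules.items() if v == "allow" and base[k] == "deny")

def inconsistent(rules):
    """(allowed, denied) pairs where the denied pair is no riskier on either axis."""
    rank = LEVELS.index
    return sorted((p, q) for p, pv in rules.items() if pv == "allow"
                  for q, qv in rules.items() if qv == "deny"
                  and rank(q[0]) >= rank(p[0]) and rank(q[1]) >= rank(p[1]))

# Constructed sample input, not taken from a real device.
SAMPLE = """\
trusted-access policy csap
 rule user-risk-level high-risk asset-risk-level low-risk action allow
 rule user-risk-level low-risk asset-risk-level low-risk action deny
 service enable
"""

if __name__ == "__main__":
    eff = effective_rules(SAMPLE)
    for pair in loosened(eff):
        print("allowed beyond default:", pair)
    for allowed, denied in inconsistent(eff):
        print("inconsistent:", allowed, "allowed but", denied, "denied")
```

An empty result from both checks means the edited rules are no more permissive than Table 1 and never allow a riskier pair while denying a safer one.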