Zero Trust Policies and Rules

Understanding Zero Trust Policies and Rules

Zero Trust Application Access Policies enable you to define granular level permissions to ensure that only authorized users have access to specific applications.

Policies and rules are an additional layer of security for our Zero Trust Applications.
They provide Administrators and Managers with the ability to set granular sets of rules into Policies that will limit access to internal and cloud resources based on Groups, Date and Time, Geo-location, Operating Systems, Browsers, and much more.

How to Set Up Zero Trust Policies and Rules

Creating an Application Access Policy

1. Access the Harmony SASE Administrator Portal and click Private Access > Application Policies.
2. Click Add Policy.
   The Add New Policy page appears.
   
3. Enter these:
   1. Policy Name - Name of the policy.
   2. Logical Operator 
      1. From the policy action list, select either of these:
         • Allow
         • Deny
      2. From the list, select one of these:
         • When All Match – The policy is considered compliant only if all defined rules are met.
         • When Some Match– The policy is considered compliant if at least one defined rule is met.
           • Example 1: When all match
             Assume you have configured an application policy with the Allow action and the When all match condition:
             
             • Browser: Firefox
             • Location (Country): India
               In this case, access is allowed only if the user is using the Firefox browser and is located in India.
           • Example 2: When some match
             Now, assume the same application policy is configured with the Allow action and the When some match condition:
             
             • Browser: Firefox
             • Location (Country): India
               In this scenario, access is allowed if either the user is using the Firefox browser or is located in India.
   3. Select the condition to apply the policy.
4. To add the rules for the policy, click Add Rule and specify one or more of these options:
   • Group
   • Date and Time
   • Location (IP)
   • Location (Country)
   • Browser
   • OS and Version
     
5. To attach an existing policy with the new policy, click Add Policy and select a policy.
6. Click Save.
   The new policy is listed in your Policy page.

Assigning a Policy to an Application

1. Access the Harmony SASE Administrator Portal and click Private Access > Applications.
2. Click for the application and click Edit.
   
3. In the Policy section, from the Policy Name list, select a policy.
   

4. Click Apply.

Recommendations

1. Always review your application access policies periodically to ensure they are up-to-date with organizational needs.
2. Test new policies on a small group before rolling them out organization-wide.

Troubleshooting

If you encounter issues during or after the setup, try reviewing your settings to ensure everything matches the instructions. In particular, check the IP addresses and other details you entered during setup. If issues persist, please consult our dedicated support.

Support Contacts

If you have any difficulties or questions, don't hesitate to contact Perimeter 81's support team. We offer 24/7 chat support on our website at Perimeter81.com, or you can email us at sase-support@checkpoint.com. We're here to assist you and ensure your VPN tunnel setup is a success