---
title: "Zero Trust Policies and Rules"
slug: "360025468933-how-to-manage-zero-trust-application-access-policies"
tags: ["Essentials", "Premium", "Enterprise"]
updated: 2026-04-07T09:08:35Z
published: 2026-04-07T09:08:35Z
canonical: "support.perimeter81.com/360025468933-how-to-manage-zero-trust-application-access-policies"
stale: true
---
> ## Documentation Index
> Fetch the complete documentation index at: https://support.perimeter81.com/llms.txt
> Use this file to discover all available pages before exploring further.
# Zero Trust Policies and Rules
## Understanding Zero Trust Policies and Rules
Zero Trust Application Access Policies enable you to define granular level permissions to ensure that only authorized users have access to specific applications.
Policies and rules are an additional layer of security for our Zero Trust Applications. They provide **Administrators** and **Managers** with the ability to set granular sets of rules into **Policies** that will limit access to internal and cloud resources based on **Groups**, **Date and Time**, **Geo-location**, **Operating Systems**, **Browsers,** and much more.
## How to Set Up Zero Trust Policies and Rules
[Embedded content](https://www.youtube.com/embed/I9BIT_DFVUQ?&list=PLcS2QxAzT14xRRYObrtesGIB_4GJPPDGj&index=1&wmode=opaque)
## Creating an Application Access Policy
1. Access the Check Point SASE Administrator Portal and click **Private Access** > **Application Policies**.
2. Click **Add Policy**.
The **Add New Policy** page appears.
3. Enter these:
1. **Policy Name** - Name of the policy.
2. **Logical Operator**
1. From the policy action list, select either of these:
- **Allow**
- **Deny**
2. From the list, select one of these:
- **When All Match** – The policy is considered compliant only if all defined rules are met.
- **When Some Match**– The policy is considered compliant if at least one defined rule is met.
- *Example 1*: **When all match**
Assume you have configured an application policy with the **Allow**action and the **When all match**condition:
- **Browser**: Firefox
- **Location (Country)**: India
In this case, access is allowed only if the user is using the Firefox browser and is located in India.
- *Example 2*: **When some match**
Now, assume the same application policy is configured with the **Allow** action and the **When some match**condition:
- **Browser**: Firefox
- **Location (Country)**: India
In this scenario, access is allowed if either the user is using the Firefox browser or is located in India.
3. Select the condition to apply the policy.
4. To add the rules for the policy, click **Add Rule**and specify one or more of these options:
- **Group**
- **Date and Time**
- **Location (IP)**
- **Location (Country)**
- **Browser**
- **OS**and **Version**
****
5. To attach an existing policy with the new policy, click **Add Policy** and select a policy.
6. Click **Save**.
The new policy is listed in your **Policy**page.
## Assigning a Policy to an Application
1. Access the Check Point SASE Administrator Portal and click **Private Access** > **Applications**.
2. Click  for the application and click **Edit**.
3. In the **Policy**section, from the **Policy** **Name**list, select a policy.
4. Click **Apply**.
## Recommendations
1. Always review your application access policies periodically to ensure they are up-to-date with organizational needs.
2. Test new policies on a small group before rolling them out organization-wide.
## Troubleshooting
If you encounter issues during or after the setup, try reviewing your settings to ensure everything matches the instructions. In particular, check the IP addresses and other details you entered during setup. If issues persist, please consult our dedicated support.
## Support Contacts
If you have any difficulties or questions, don't hesitate to contact Perimeter 81's support team. We offer 24/7 chat support on our website at [sase.checkpoint.com](https://sase.checkpoint.com/), or you can email us at sase-support@checkpoint.com. We're here to assist you and ensure your VPN tunnel setup is a success