Controlling Network Interface

Interface Control disables an endpoint's network interfaces when a risk event occurs. It is one of the control methods offered by ZTNA.

  • Administrators can define various conditions as policies to control the network interfaces of endpoints.

You can configure endpoint users' Windows devices to disable wired, wireless, bridge, and promiscuous-mode interfaces. Custom messages displayed in pop-ups can notify users when an interface is disabled.

Network Interface Control Options Configuration

  1. Block by Type: Specify the type of network to disable (Wired, Wireless, or All).
  2. Default Device Exception: When set to "On," network devices capable of communicating with the policy server are excluded from being blocked.
  3. Bridge Blocking: When set to "On," forces bridge interfaces to be disabled, regardless of the Default Device Exception option.
  4. Promiscuous Blocking: When set to "On," forces promiscuous interfaces to be disabled, regardless of the Default Device Exception option.
  5. Block Notifications: Sends users a message when an interface is blocked, using options such as Custom User Message or Agent Pop-Up.
  6. Internet Connection Sharing: Disables the Internet Connection Sharing property of the interface.
  7. IPv6: Disables the IPv6 property of the interface.
  8. Wi-Fi Random Hardware Address: Disables the randomized hardware address feature for wireless interfaces.
    • Control Method: Selecting 'Change Value Only' applies the value change, requiring a reboot. Selecting 'Apply Immediately' restarts the network interface, which may disconnect wireless network connections.
    • Notification Options: Specify the notification method based on the 'Control Method'. Choosing 'No Notification' under 'Apply Immediately' will restart the network interface immediately after configuration changes.
    • Application Delay: When 'User Notification' is selected under 'Apply Immediately,' you can set how long the notification is displayed before the change is applied.
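
The precedence among options 1 to 4 can be modeled as follows. This is an added example, not code from the product or its agent; the class and function names, the order of checks, and the treatment of Bridge and Promiscuous Blocking as independent of Block by Type are assumptions of the model.

```python
from dataclasses import dataclass

# Simplified model of options 1-4 (assumed names and check order, not the agent's logic).
@dataclass(frozen=True)
class Interface:
    name: str
    kind: str                          # "wired" or "wireless"
    reaches_policy_server: bool = False
    is_bridge: bool = False
    is_promiscuous: bool = False

@dataclass(frozen=True)
class Policy:
    block_by_type: str = "all"         # "wired", "wireless" or "all"
    default_device_exception: bool = True
    bridge_blocking: bool = False
    promiscuous_blocking: bool = False

def decide(iface, policy):
    # Forced blocks come first: they apply regardless of the
    # Default Device Exception option.
    if policy.bridge_blocking and iface.is_bridge:
        return True, "bridge blocking"
    if policy.promiscuous_blocking and iface.is_promiscuous:
        return True, "promiscuous blocking"
    if policy.block_by_type not in ("all", iface.kind):
        return False, "type not targeted"
    if policy.default_device_exception and iface.reaches_policy_server:
        return False, "default device exception"
    return True, "block by type"

def evaluate(interfaces, policy):
    """Map interface name -> (disabled, reason)."""
    return {i.name: decide(i, policy) for i in interfaces}

def management_path_lost(interfaces, policy):
    """True when every interface that reaches the policy server is disabled."""
    paths = [i for i in interfaces if i.reaches_policy_server]
    return bool(paths) and all(decide(i, policy)[0] for i in paths)

# Constructed sample endpoint, not taken from a real device.
SAMPLE = [
    Interface("Ethernet", "wired", reaches_policy_server=True),
    Interface("Wi-Fi", "wireless"),
    Interface("Network Bridge", "wired", reaches_policy_server=True, is_bridge=True),
]

if __name__ == "__main__":
    for name, result in evaluate(SAMPLE, Policy(bridge_blocking=True)).items():
        print(name, result)
```

Running management_path_lost against a planned policy shows whether it would disable every interface that can still reach the policy server, for example when the only such interface is a bridge and Bridge Blocking is "On".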

Configuring Network Interface Control Policies via Node Policies

  1. Navigate to the Policy section in the top menu.
  2. Go to Policy > Node Policy > Node Action in the left menu.
  3. In the Node Action Management window, find and click Interface Control.
  4. Configure the necessary options in the Plugin Settings section.
  5. Navigate to Policy > Node Policy in the left menu.
  6. Click the node policy to which you want to apply the interface control policy.
  7. Find Node Action Settings and click Assign.
  8. Drag Interface Control from Available to the Selected section.
  9. Click the Add button.
  10. Click the Modify button.
  11. Click the Apply Policy Changes button in the top-right corner.

Configuring Network Interface Control Policies via Control Policies

Step 1. Create a Target Node Group

  1. Navigate to the Policy section in the top menu.
  2. Go to Group > Node in the left menu.
  3. Click Select Action > Create.
  4. Click the Add button.
  5. Set the conditions for the target and click Add.
  6. Click the Create button.

Step 2. Create a Control Action

  1. Go to Policy > Control Policy > Control Action in the left menu.
  2. Click Select Action > Create.
  3. Select the Interface Control plugin in the Plugin Selection section.
  4. Configure the Conditions and options.
  5. Click the Create button.

Step 3. Create a Control Policy

  1. Go to Policy > Control Policy > Control Policy in the left menu.
  2. Click Select Action > Create, and complete the Control Policy Wizard.
  3. In the Policy Default Settings tab, enter the Policy ID to use.
  4. In the Node Group Settings tab, select the newly added node group and move it to the Selected section.
  5. Configure the desired options in the Permission Assignment and Control Options tabs.
  6. In the Control Action Settings tab, find the created control action and move it to the Selected section.
  7. Click the Finish button.
  8. Click the Apply Policy Changes button in the top-right corner.