Understanding Access Control Policy
Genian ZTNA uses three main policies to control network access: IP/MAC Policy, Node Policy, and Enforcement Policy.
IP/MAC Policy
The IP and MAC features allow an administrator to manually or automatically control a device's IP address, and to allow or deny network access based on IP or MAC address.
To use these features in Genian ZTNA, you must configure the network sensor(s) in enforcement mode and enable an IP/MAC policy. This section explains how to enable IPAM policy, enforce Conflict/Change Prevention, and set up time allowances for IP/MAC addresses.
Node Policy
Node Policies are mainly used for collecting information from Nodes, and managing their network presence while they are in a compliant state. Node Policies allow you to establish Authentication Policies based on User, Node, and Authentication method, as well as to define the standard operation of the endpoint agent and more.
To configure a Node Policy, create or use existing Node Groups (Managing Node Groups).
Next, navigate to Policy > Node Policy and select Tasks > Create.
Follow the Policy creation prompts to apply the policy to groups and configure options.
Enforcement Policy
While Node Policies are mainly used for collecting information from Nodes, Enforcement Policies are typically used to block the endpoint from accessing the network and potentially take additional action. This additional action may involve redirection to a Captive Web Portal for compliance instructions, or control of the endpoint through an agent.
Once Node Groups are created (Managing Node Groups), controls can be defined by creating Enforcement Policies. These policies are then applied to the Node Group to enforce those conditions on the Nodes within the Group.
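The following is an added example, not Genian ZTNA's own code or configuration format, that models how the three policy types described above compose: the IP/MAC policy (including IP-to-MAC conflict prevention) is checked first, then node-group membership selects the first matching Enforcement Policy, whose action is either a block or a redirect to the Captive Web Portal. All bindings, group conditions and policy names are constructed sample data.

```python
from dataclasses import dataclass

# Constructed model of the page's three-policy evaluation flow.
# Hypothetical names and data; not Genian ZTNA's API or config format.

@dataclass
class Node:
    mac: str
    ip: str
    user: str = ""          # empty string = not authenticated
    compliant: bool = False  # as reported by the endpoint agent

# IP/MAC policy: registered IPAM bindings plus an explicit MAC deny list.
IPAM_BINDINGS = {"10.0.0.10": "aa:bb:cc:00:00:01", "10.0.0.11": "aa:bb:cc:00:00:02"}
DENIED_MACS = {"de:ad:be:ef:00:00"}

def ip_mac_policy(node: Node) -> str:
    """'deny' if the MAC is denied or the IP is bound to a different MAC
    (conflict/change prevention); otherwise 'allow'."""
    if node.mac in DENIED_MACS:
        return "deny"
    owner = IPAM_BINDINGS.get(node.ip)
    if owner is not None and owner != node.mac:
        return "deny"
    return "allow"

# Node groups: membership conditions evaluated on collected node information.
NODE_GROUPS = {
    "unauthenticated": lambda n: n.user == "",
    "non-compliant": lambda n: not n.compliant,
}

# Enforcement policies in priority order; the first matching group decides.
ENFORCEMENT_POLICIES = [
    ("unauthenticated", "redirect:captive-portal"),
    ("non-compliant", "block"),
]

def node_groups(node: Node) -> set:
    return {name for name, cond in NODE_GROUPS.items() if cond(node)}

def evaluate(node: Node) -> str:
    """IP/MAC policy first, then the highest-priority enforcement policy
    whose node group contains this node; 'allow' if nothing matches."""
    if ip_mac_policy(node) == "deny":
        return "deny:ip-mac"
    groups = node_groups(node)
    for group, action in ENFORCEMENT_POLICIES:
        if group in groups:
            return action
    return "allow"
```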