Configure a private access rule to control access to your organization's internal apps based on user, device, time, and location.

Note
Trend Vision One automatically creates a default private access rule to apply whenever no other private access rules are matched. The default rule blocks all access to configured internal apps.

Procedure

  1. On the Secure Access Rules screen, click the Private Access tab and then click Create Rule.
    The rule configuration screen appears with the Internal app access rule template selected.
  2. Specify a unique name and a description for the rule.
  3. (Optional) To enable or disable the rule, click the toggle next to Status.
    Tip
    You can also enable or disable rules on the Secure Access Rules screen.
  4. Configure the following rule settings.
    Source: the users, devices, and locations that the rule applies to
      Users / User groups / IP addresses
        Users / Groups / IP address groups: Target or exclude users or groups registered with your configured SSO provider. You may alternatively target or exclude both public and private IP address groups.
        • Only users or groups from the IAM system configured as your SSO provider can be used in rules.
        • Define a new IP address group by clicking Add, and select either a Public or Private IP address group. If you have selected Private IP address, the IP addresses or ranges must exist on your internal corporate network.
        Important
        Rules may not apply to devices without the Secure Access Module installed that do not send HTTP/HTTPS requests containing the X-Forwarded-For (XFF) header field. The Internet Access Gateway cannot retrieve the private IP addresses of these devices.
        Note
        If you have configured more than one IAM system, the IAM system with SSO enabled applies.
      Device posture profile
        Select the device posture profile to include devices in the rule enforcement.
        Note
        This option only applies to access initiated with the Secure Access Module. This means that end users using the user portal can access private applications regardless of the security posture of their devices.
        To add a device posture profile, click Add custom device posture profile.
      Locations
        Specify public/home network locations defined by IP address groups or geographic regions.
        • Locations identify roaming users, such as users connecting to public Wi-Fi networks or working from home.
        Tip
        To define a new public/home network location using one or more IP addresses, click Add public IP address group.
    Destination: the internal apps that the rule applies to
      Applications
        Specify previously configured internal applications.
        Tip
        To add an internal app, click Add Internal Application on the Select Apps screen. For more information, see Adding an internal application to Private Access.
    Schedule: the weekly period during which the rule is applied
      To configure the recurrence of the schedule, select Only apply the rule during the specified period, and then select a start date and end date.
      Note
      The schedule uses the defined time zone of the console.
    Action: the action taken when the rule is triggered
      Access control
        Allow, block, or monitor access to internal applications.
        Note
        Select Monitor Internal App Access to allow access but log the activity.
        For more information about actions, see Zero Trust actions.
  5. Click Save.
    The rule is successfully created and listed on the Private Access screen.
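As an added illustration (not Trend Vision One code), the following Python models how the settings above combine under first-match evaluation with the default blocking rule: a posture profile is not enforced for user-portal access, and a private IP address group cannot match a device whose private address the gateway could not recover. The Rule and Request field names, and the sample values, are assumptions made for this illustration.

```python
# Added illustration of the first-match rule model on this page; not Trend Vision One code.
from dataclasses import dataclass, field
from datetime import datetime
from ipaddress import ip_address, ip_network

DEFAULT_ACTION = "block"      # default rule: block anything no other rule matched

@dataclass
class Rule:
    name: str
    action: str                                    # "allow", "block" or "monitor"
    users: set = field(default_factory=set)        # SSO users/groups; empty = any
    ip_groups: list = field(default_factory=list)  # CIDR strings; empty = any
    require_posture: bool = False                  # a device posture profile is attached
    apps: set = field(default_factory=set)         # internal app names; empty = any
    schedule: "tuple | None" = None                # (start, end) in console time zone

@dataclass
class Request:
    user: str
    groups: set
    app: str
    via_module: bool           # True = Secure Access Module, False = user portal
    posture_ok: bool
    source_ip: "str | None"    # None when the gateway could not recover it (no XFF)
    when: datetime

def matches(rule, req):
    if rule.users and not ({req.user} | req.groups) & rule.users:
        return False
    if rule.ip_groups:
        # An IP address group cannot match a device whose address was never recovered.
        if req.source_ip is None or not any(
                ip_address(req.source_ip) in ip_network(g) for g in rule.ip_groups):
            return False
    # Posture is only enforced for module traffic; the user portal is not checked.
    if rule.require_posture and req.via_module and not req.posture_ok:
        return False
    if rule.apps and req.app not in rule.apps:
        return False
    if rule.schedule and not (rule.schedule[0] <= req.when <= rule.schedule[1]):
        return False
    return True

def evaluate(rules, req):
    # Returns (action, rule name) of the first matching rule, else the default rule.
    for rule in rules:
        if matches(rule, req):
            return rule.action, rule.name
    return DEFAULT_ACTION, "default"
```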