You have 2 independent VLANs. How do you deploy Private Access?
To control which users can reach which applications, you must create Private Access Rules; without them, the default rule blocks all access to internal applications.

Scenario

Your company operates with two independent VLANs that cannot communicate with each other and are not accessible from outside their respective networks. Each VLAN hosts several internal services. Two employees, who are outside the networks, are attempting to access these services.

Your VLANs and internal services

VLAN      Internal Service
VLAN_1    Service_1
          Service_2
VLAN_2    Service_3
          Service_4

Deploy Connector group

First, you create a connector group and deploy a connector into it. The connector group is what exposes a VLAN, allowing external users to reach the internal services hosted within it.
Because the two VLANs are independent and cannot reach each other, a single connector cannot serve both. You therefore create two connector groups and deploy one connector into each: Connector Group 1 with its connector in VLAN_1, and Connector Group 2 with its connector in VLAN_2.

Create internal application

After deploying the connectors, add the internal applications in the Trend Vision One console. This tells each connector which applications it is responsible for reaching on its internal network.
Since users need access to 4 services, you create 4 internal applications, one per service.
In this scenario, Service_1 and Service_2 are assigned to Connector Group 1, because that connector group is deployed in the same VLAN (VLAN_1) as those services. Likewise, Service_3 and Service_4 are assigned to Connector Group 2. Assigning an application to a connector group in the other VLAN would leave it unreachable, since that connector has no route to it.
Note
Once the internal applications are set up, users can reach them from devices equipped with the Secure Access Module, but only if a Private Access Rule explicitly grants them access.
By default, the rule titled Default Rule for Internal App Access blocks all users from accessing any internal application, so nothing is reachable until you add allow rules.

Create Private Access rule

To manage access permissions for the applications we just created, it is essential to create private access rules.
In this scenario, both Employee A and Employee B may access Service_1 and Service_2. Service_3 is restricted to Employee A, and Service_4 is restricted to Employee B.

VLAN      Service      Accessible by
VLAN_1    Service_1    Employee A, Employee B
          Service_2    Employee A, Employee B
VLAN_2    Service_3    Employee A
          Service_4    Employee B
We then create 2 private access rules, Rule Allow A and Rule Allow B, for these users:
  • Rule Allow A: grants Employee A access to Service_1, Service_2 and Service_3.
    • Selected Users / User Groups: Employee A
    • Selected Apps: Service_1, Service_2, Service_3
    • Action: Allow Internal App Access
  • Rule Allow B: grants Employee B access to Service_1, Service_2 and Service_4.
    • Selected Users / User Groups: Employee B
    • Selected Apps: Service_1, Service_2, Service_4
    • Action: Allow Internal App Access
No block rules are needed. Any user and application combination not matched by an allow rule still falls through to the Default Rule for Internal App Access, which blocks it. Employee A therefore remains unable to reach Service_4, and Employee B remains unable to reach Service_3. Before putting the rules into production, check the resulting access matrix against the table above so that no application is left unintentionally reachable or unreachable.
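The following is an added example, not Trend Vision One code or its API. It is a constructed model of the rule set above: rules are evaluated top to bottom, the first match wins, and the default rule (matching every user and every application) sits last and blocks. The rule, user, service and connector group names are taken from the scenario; the first-match semantics and the dictionary shapes are assumptions of the model. It lets you check that the two allow rules produce exactly the intended access matrix, and that every internal application is assigned to a connector group in its own VLAN.

```python
"""Constructed model of the Private Access scenario (added illustration, not vendor code)."""
from dataclasses import dataclass

# Assumed inventory from the scenario: which VLAN each connector group is deployed in,
# and which VLAN and connector group each internal application has.
VLAN_OF_CONNECTOR_GROUP = {"Connector Group 1": "VLAN_1", "Connector Group 2": "VLAN_2"}

INTERNAL_APPS = {
    "Service_1": {"vlan": "VLAN_1", "connector_group": "Connector Group 1"},
    "Service_2": {"vlan": "VLAN_1", "connector_group": "Connector Group 1"},
    "Service_3": {"vlan": "VLAN_2", "connector_group": "Connector Group 2"},
    "Service_4": {"vlan": "VLAN_2", "connector_group": "Connector Group 2"},
}

USERS = ["Employee A", "Employee B"]


@dataclass(frozen=True)
class Rule:
    name: str
    users: frozenset   # empty set means "any user" (used by the default rule)
    apps: frozenset    # empty set means "any internal application"
    action: str        # "allow" or "block"

    def matches(self, user: str, app: str) -> bool:
        return (not self.users or user in self.users) and (not self.apps or app in self.apps)


# Ordered rule set as described on the page: two allow rules, then the default block rule.
RULES = [
    Rule("Rule Allow A", frozenset({"Employee A"}),
         frozenset({"Service_1", "Service_2", "Service_3"}), "allow"),
    Rule("Rule Allow B", frozenset({"Employee B"}),
         frozenset({"Service_1", "Service_2", "Service_4"}), "allow"),
    Rule("Default Rule for Internal App Access", frozenset(), frozenset(), "block"),
]

# Intended access matrix, transcribed from the table above.
INTENDED = {
    ("Employee A", "Service_1"): "allow", ("Employee B", "Service_1"): "allow",
    ("Employee A", "Service_2"): "allow", ("Employee B", "Service_2"): "allow",
    ("Employee A", "Service_3"): "allow", ("Employee B", "Service_3"): "block",
    ("Employee A", "Service_4"): "block", ("Employee B", "Service_4"): "allow",
}


def evaluate(rules, user: str, app: str):
    """First matching rule decides; if no rule matches at all, deny (model assumption)."""
    for rule in rules:
        if rule.matches(user, app):
            return rule.action, rule.name
    return "block", "<implicit deny>"


def access_matrix(rules, users, apps):
    """Effective decision for every user/application pair."""
    return {(u, a): evaluate(rules, u, a)[0] for u in users for a in apps}


def matrix_mismatches(rules=RULES, users=USERS, apps=INTERNAL_APPS, intended=INTENDED):
    """Pairs whose effective decision differs from the intended one; empty means the rules are right."""
    actual = access_matrix(rules, users, apps)
    return {pair: (intended[pair], actual[pair]) for pair in intended if intended[pair] != actual[pair]}


def misassigned_apps(apps=INTERNAL_APPS, vlan_of_group=VLAN_OF_CONNECTOR_GROUP):
    """Applications assigned to a connector group deployed in a different VLAN.

    Such an application would be unreachable even with an allow rule, because the
    connector has no route into the other VLAN.
    """
    return sorted(name for name, meta in apps.items()
                  if vlan_of_group[meta["connector_group"]] != meta["vlan"])


if __name__ == "__main__":
    for (user, app), decision in sorted(access_matrix(RULES, USERS, INTERNAL_APPS).items()):
        print(f"{user:10s} -> {app}: {decision} ({evaluate(RULES, user, app)[1]})")
    print("mismatches:", matrix_mismatches())
    print("misassigned apps:", misassigned_apps())
```

Run the script to print the effective decision and the deciding rule for each pair; `matrix_mismatches()` returning an empty dictionary confirms that the two allow rules plus the default rule yield exactly the intended table, and `misassigned_apps()` catches an application placed in the wrong connector group before anyone wonders why an allowed user still cannot connect.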