The advanced rule feature enables administrators to control access to applications by defining specific conditions. Admins can create rules based on criteria such as time (hourly, daily, or weekly), IP address location, and IP address CIDR. If users do not meet these criteria, their access is denied, which enhances the security of applications. This feature allows organizations to tailor access rules for critical applications, ensuring stronger protection.
To implement this feature, follow these two steps:
- Create the rule: Define the access conditions.
- Apply the rule to the policy: Enforce the rule within the appropriate policy.
Create the Rule
- Navigate to Settings > ZTNA > Policies > Rules (Simple) > New Rules (Simple)
- Once clicked, it will expand all the option for simple rule that can be used
There are six available categories for creating a simple rule:
Time : Allows application access between a specific start and end time each day Week : Allows application access on specific days of the week (Sun-Sat) Day : Allows application access on specific days of the month (1-31) Week & Time : Allows application access on specific days of the week (Sun-Sat) between a start and end time Location : Allows access if the user matches a specific IP address and location IP Address : Allows access if the user matches a specific IP address or CIDR - Input the rule name; it's mandatory and must be unique compared to other policies. There is also a toggle status that can be used to enable the rule.
- Choose simple rule category (Check step 4 for details) and input your specific time or day or IP address. In this article, the "Time" category is used as an example.
- After completing all mandatory fields, click Save.
- The newly created rule will appear on the "Rules (Simple)" page.
Apply the rule to the policy
- After creating an Advanced Rule (Simple), you can apply it in Policies. Navigate to Settings > ZTNA > Policies > Conditions, it will expand all the option for policy that can be use for application authorization. Fill out policy name, users and applications that are included in this policy, and the advanced rules that are used in this policy.
- Click save.