Access Policies are one of the core policies in CoIP Platform's Zero Trust security model. An Access Policy defines an allowed communication between authenticated Applications, Services, and Users. This article describes how to configure an Access Policy.
Types of Access Policies
CoIP Platform allows you to configure two basic types of Access Policies: Built-In Secure Access (Remote Desktop Access) and Overlay Network Access.
Built-In Secure Access (Remote Desktop Access)
Built-In Secure Access maps access for Users (based on User Role) to individual servers that have the zLink agent installed. Supported operating systems for access targets include Windows, Linux, and macOS. See Onboarding servers for built-in secure access methods for more information on these types.
Overlay Network Access
Overlay Network Access Policies create ZTNA access using a "network" mode, so that applications can access other applications with any protocol (TCP, UDP, or ICMP).
An Overlay Network Access Policy specifies who can access what, and how. Policies are unidirectional; bidirectional functions can be created with two policies (one for each direction).
The CoIP Overlay performs stateful filtering, so you only need to specify policies that describe session initiation; return traffic is automatically allowed.
The Overlay Network Access Policy has quite a few more options compared to a Remote Desktop Access Policy; these details are covered in subsequent sections.
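A minimal model of the unidirectional, stateful behaviour described above, as an added example: it is not CoIP Platform code or its API, and the class names, object labels (`web`, `db`) and port numbers are hypothetical.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass(frozen=True)
class Policy:
    src: str                    # object allowed to initiate (hypothetical label)
    dst: str                    # object being accessed
    proto: str                  # "tcp", "udp" or "icmp"
    port: Optional[int] = None  # destination port; None means any

@dataclass
class StatefulFilter:
    policies: list
    sessions: set = field(default_factory=set)  # flows opened by an allowed initiator

    def _permits(self, src, dst, proto, dport):
        # A policy matches in one direction only: src -> dst.
        return any(p.src == src and p.dst == dst and p.proto == proto
                   and p.port in (None, dport) for p in self.policies)

    def handle(self, src, sport, dst, dport, proto):
        fwd = (src, sport, dst, dport, proto)
        rev = (dst, dport, src, sport, proto)
        if fwd in self.sessions:
            return "allow (established)"
        if rev in self.sessions:
            # Reply to a session the other side was allowed to open.
            return "allow (return)"
        if self._permits(src, dst, proto, dport):
            self.sessions.add(fwd)
            return "allow (new session)"
        return "deny"

def demo():
    # Constructed scenario: one policy, web may open TCP/5432 sessions to db.
    f = StatefulFilter([Policy("web", "db", "tcp", 5432)])
    out = [
        f.handle("db", 5432, "web", 40000, "tcp"),   # unsolicited "reply"
        f.handle("web", 40000, "db", 5432, "tcp"),   # initiation covered by the policy
        f.handle("db", 5432, "web", 40000, "tcp"),   # return traffic, no second policy
        f.handle("db", 50000, "web", 443, "tcp"),    # db initiating: other direction
    ]
    # Bidirectional access needs a second policy for the opposite direction.
    f.policies.append(Policy("db", "web", "tcp", 443))
    out.append(f.handle("db", 50000, "web", 443, "tcp"))
    return out

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```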
Access Policy Scope
Remote Desktop Access Policies apply at the server level, and servers need not be associated with an Application. As a result, the Remote Desktop Access Policy can be considered to have global scope, and Remote Desktop Access Policies will be displayed regardless of the App Profile selected.
On the other hand, an Overlay Network Access Policy defines access to and between objects of an App Profile, and is therefore scoped at the App Profile level.