Creating an Overlay Network Access Policy
An Overlay Network Access Policy creates a path for users and applications to communicate with each other, using standard TCP/IP sockets (TCP/UDP/ICMP). Connectivity is filtered and limited by the settings of the policy, giving admins the ability to enforce Least Privilege access.
To create an Overlay Network Access Policy, navigate to Access Policy Management > Access Policies and click "Add Access Policy".
Selecting the Access Policy Type
Select "Overlay Network Access Policy".
Selecting the entities to connect
Choose the connectivity type that matches the policy you are trying to create.
Name the Access Policy
As a best practice, choose a name that makes the intent of the policy easily understandable. For example, the name "IT admin ssh access to ERP application servers" clearly indicates that the policy defines who (IT admin) can connect to what (ERP application servers) and how (using ssh).
Select the source/destination Applications or Services
Depending on what types of entities you chose to connect, you will be presented with pick lists of already defined Applications or Services to apply as the source/destination for this policy.
If instead you chose to create user access, you will be prompted to define which User Role(s) to associate this policy with.
Select the Connection Type
Next, choose the Connection Type. Valid Connection Types include CoIP LAN and CoIP WAN. CoIP WAN connections are bridged through a ZNS node; you may specify the ZNS cluster to be used for this access policy to optimize the latency from the ZNS to the Application or Service.
Select the Security Filters
Finally, you have the option of filtering the connectivity based on Application Process Objects and Service Port Objects.
Since the source/destination are defined Objects (Users, Applications, or Services), there is no need to specify source/destination using Address Objects.
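As an added example (not the product's own code or schema), the following Python models the policy fields described above and evaluates connection attempts against the sample policy named earlier, showing how the selected Objects and the optional Process and Port filters combine into default-deny, least-privilege connectivity. All field names, object names and the ZNS cluster name are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Set

# Constructed model of the policy fields described on this page. Field and
# object names are assumptions for illustration, not the product's schema.
@dataclass(frozen=True)
class ServicePortObject:
    protocol: str                       # "tcp", "udp" or "icmp"
    ports: frozenset = frozenset()      # empty = any port (ICMP has none)

@dataclass
class OverlayPolicy:
    name: str
    sources: Set[str]                   # User Roles or Application/Service Objects
    destinations: Set[str]              # Application/Service Objects
    connection_type: str                # "CoIP LAN" or "CoIP WAN"
    zns_cluster: Optional[str] = None   # optional, used for CoIP WAN only
    process_objects: Set[str] = field(default_factory=set)  # Application Process Objects
    port_objects: List[ServicePortObject] = field(default_factory=list)  # Service Port Objects

    def permits(self, src, dst, protocol, port, process) -> bool:
        """Match on the defined Objects first, then apply the optional filters.
        An empty filter means 'no filter' (all processes / all ports)."""
        if src not in self.sources or dst not in self.destinations:
            return False
        if self.process_objects and process not in self.process_objects:
            return False
        if self.port_objects and not any(
            p.protocol == protocol and (not p.ports or port in p.ports)
            for p in self.port_objects):
            return False
        return True

def evaluate(policies, src, dst, protocol, port, process) -> bool:
    """Default deny: a flow is allowed only if at least one policy permits it."""
    return any(p.permits(src, dst, protocol, port, process) for p in policies)

# The example policy named on this page, narrowed with an ssh port filter and
# a process filter so that only SSH to the ERP servers is reachable.
POLICIES = [OverlayPolicy(
    name="IT admin ssh access to ERP application servers",
    sources={"IT admin"},
    destinations={"ERP application servers"},
    connection_type="CoIP WAN",
    zns_cluster="zns-cluster-a",        # assumed cluster name
    process_objects={"sshd"},
    port_objects=[ServicePortObject("tcp", frozenset({22}))],
)]

if __name__ == "__main__":
    print(evaluate(POLICIES, "IT admin", "ERP application servers", "tcp", 22, "sshd"))    # True
    print(evaluate(POLICIES, "IT admin", "ERP application servers", "tcp", 3389, "sshd"))  # False
```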