
Secure Access Service Edge: Configure a trusted office zone

Last Updated: Jul 05, 2024

If users work in an office zone that you can trust and you do not need SASE to analyze or audit the traffic that is generated when users access business applications, you can define the office zone by configuring identification rules. The SASE client can determine whether the terminals of users are located in the office zone based on the identification rules that you specify. When a user accesses an office application that is associated with the office zone, the generated business traffic is not analyzed or audited by SASE.

Add conditions for office zone identification

  1. Log on to the SASE console.

  2. In the left-side navigation pane, choose Private Access > Application Management.

  3. On the Office Zone Identification tab, click Create Identification Rule.

  4. Configure the identification rules.

    You can add one or more identification rules.

    Parameter descriptions:

    • Name: The name of the identification rule. The name must be 2 to 128 characters in length, and can contain letters, digits, hyphens (-), and underscores (_).

    • Condition Settings: The settings of an identification rule. You can add one or more conditions. Valid values:

        • Office Zone SSID: the Service Set Identifier (SSID) of an office zone. The SSID is the name of a wireless local area network (WLAN).

        • Accessible Internal IP Address: the internal IP address that can be accessed only from an office zone. The SASE client automatically checks the connectivity of the internal IP address. When the connectivity is normal, the internal IP address is used as one of the conditions for identifying an office zone.

        • Accessible Internal Domain Name: the internal domain name that can be accessed only from an office zone. The SASE client automatically checks the connectivity of the domain name. When the connectivity is normal, the domain name is used as one of the conditions for identifying an office zone.

        • Office CIDR Block: the internal CIDR block that can be accessed only from an office zone.

      If you add multiple conditions for an identification rule, you can set the logical operator to OR or AND. The default logical operator is OR. You can click OR to switch the logical operator to AND.

    • Associate Application: The applications that are associated. Click Configure to associate an office application by tag or name.

  5. Click OK.

    If you create multiple identification rules, the conditions are applied in sequence. For example, the system applies the conditions in the following sequence: Condition 1, Condition 2, and Condition 3. SASE recognizes a zone as an office zone when one of the conditions is met.
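
The rule semantics described in the steps above, modelled as an added example (not the SASE client's actual logic): one rule is evaluated with the default OR operator and with AND against two constructed terminals. The condition type labels, the sample SSID and addresses, and the way the CIDR block is matched are assumptions made for illustration.

```python
import ipaddress
import re
from dataclasses import dataclass, field

# Name constraint from the parameter list: 2-128 letters, digits, hyphens, underscores.
NAME_RE = re.compile(r"[A-Za-z0-9_-]{2,128}")

@dataclass
class Terminal:
    """Constructed snapshot of what a client observes; not a SASE data structure."""
    ssid: str
    local_ip: str
    reachable: set = field(default_factory=set)  # internal IPs/domains that answered a probe

def condition_met(kind, value, t):
    if kind == "ssid":
        return t.ssid == value
    if kind in ("internal_ip", "internal_domain"):
        return value in t.reachable
    if kind == "cidr":
        # Assumption: the block is compared with the terminal's own address.
        return ipaddress.ip_address(t.local_ip) in ipaddress.ip_network(value)
    raise ValueError(f"unknown condition type: {kind}")

def rule_matches(rule, t):
    if not NAME_RE.fullmatch(rule["name"]):
        raise ValueError(f"invalid rule name: {rule['name']!r}")
    if not rule["conditions"]:
        raise ValueError("a rule needs at least one condition")
    results = [condition_met(k, v, t) for k, v in rule["conditions"]]
    # OR is the default operator; AND requires every condition to hold.
    return all(results) if rule.get("operator", "OR") == "AND" else any(results)

def in_office_zone(rules, t):
    # Rules are checked in sequence; one match is enough.
    return any(rule_matches(r, t) for r in rules)

# Constructed sample data.
CONDITIONS = [("ssid", "Corp-WiFi"), ("internal_ip", "10.20.0.5")]
OR_RULE = {"name": "hq-default-or", "operator": "OR", "conditions": CONDITIONS}
AND_RULE = {"name": "hq-strict-and", "operator": "AND", "conditions": CONDITIONS}
OFFICE = Terminal("Corp-WiFi", "10.20.3.14", {"10.20.0.5"})
# Unrelated network that uses the same SSID; the internal host does not answer.
ELSEWHERE = Terminal("Corp-WiFi", "192.168.1.23")

if __name__ == "__main__":
    for name, t in (("office", OFFICE), ("elsewhere", ELSEWHERE)):
        print(name, "OR:", in_office_zone([OR_RULE], t), "AND:", in_office_zone([AND_RULE], t))
```

With OR, a matching SSID alone places the terminal in the office zone, so its traffic to the associated applications is no longer analyzed or audited. With AND, the internal address must also be reachable before the rule matches.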

Delete and edit identification rules

You can perform the following operations based on your business requirements:

  • Edit: Click Edit to modify the conditions.

  • Delete: Click Edit and then click Delete to delete a condition.

    Important

    After an identification rule is deleted, SASE no longer uses the condition to identify an office zone. Exercise caution when you perform this operation.

References

If you want to use SASE to analyze and audit your business traffic, you can configure access policies for your applications. For more information, see Configure a zero trust policy.