Configuring CSAP trusted access control
About CSAP trusted access control
Threat Discovery and Security Operations Platform (CSAP) trusted access control enables the device to collaborate with the CSAP trusted access controller to obtain the security status of users and assets. Upon receiving an access request from a user, the device takes the relevant action based on the user and asset security status and the specified trusted access policy.
In the zero trust scenario, you can use this feature to control access permissions for users to specific assets.
Configuring CSAP trusted access control settings
About this task
The device collaborates with the CSAP trusted access controller to obtain the security status of users and assets, and controls access permissions for users to specific assets based on the specified trusted access policy.
Procedure
1. Enter system view.
system-view
2. Enter CSAP trusted access controller view.
trusted-access controller csap
3. Specify the peer service URL used for providing trusted access control services.
peer-service url service-url
By default, no peer service URL is specified.
4. (Optional.) Specify an SSL client policy used for establishing an SSL connection to the trusted access controller.
ssl-client-policy policy-name
By default, no SSL client policy is specified for establishing an SSL connection to the trusted access controller.
This command is required if the peer service URL uses HTTPS.
5. (Optional.) Specify a VPN instance for the trusted access controller.
vpn-instance vpn-instance-name
By default, no VPN instance is specified for the trusted access controller.
Configuring a CSAP trusted access policy
About this task
A CSAP trusted access policy defines user access permissions to assets based on the security status of users and assets.
Perform this task to configure trusted access rules that specify the actions to take on user requests to access assets based on their security statuses.
Restrictions and guidelines
The device predefines 16 trusted access rules that can be edited. You cannot create or delete rules.
Procedure
1. Enter system view.
system-view
2. Enter CSAP trusted access policy view.
trusted-access policy csap
3. Configure a trusted access rule.
rule user-risk-level { fallen | high-risk | low-risk | trust } asset-risk-level { fallen | high-risk | low-risk | trust } action { allow | deny }
By default, the trusted access rule settings are as shown in Table 1.
Table 1 Default trusted access rule settings
| User security status | Asset security status | Action |
|---|---|---|
| Compromised | Compromised | Deny |
| Compromised | High risk | Deny |
| Compromised | Low risk | Deny |
| Compromised | Trusted | Deny |
| High risk | Compromised | Deny |
| High risk | High risk | Deny |
| High risk | Low risk | Deny |
| High risk | Trusted | Deny |
| Low risk | Compromised | Deny |
| Low risk | High risk | Deny |
| Low risk | Low risk | Allow |
| Low risk | Trusted | Allow |
| Trusted | Compromised | Deny |
| Trusted | High risk | Deny |
| Trusted | Low risk | Allow |
| Trusted | Trusted | Allow |
4. Enable the CSAP trusted access policy.
service enable
By default, the CSAP trusted access policy is disabled.
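The following Python audit is an added example, not part of the vendor documentation. It overlays edited rule lines on the Table 1 defaults, then reports pairs that are allowed where the default denies, and allowed pairs for which a pair with equal or better status is denied. It assumes that the keyword fallen corresponds to Compromised and trust to Trusted, and that the rules are available as text in the syntax of step 3; the SAMPLE input is constructed.

```python
import re

# Keywords in the rule command, worst to best. Assumption: "fallen" is the
# Compromised status of Table 1 and "trust" is Trusted.
LEVELS = ["fallen", "high-risk", "low-risk", "trust"]
# Table 1 defaults: allow only when user and asset are both low-risk or trust.
DEFAULTS = {(u, a): "allow" if u in LEVELS[2:] and a in LEVELS[2:] else "deny"
            for u in LEVELS for a in LEVELS}
RULE_RE = re.compile(
    r"^\s*rule user-risk-level (\S+) asset-risk-level (\S+) action (allow|deny)\s*$")

def effective_policy(config_text):
    """Overlay the rule lines in config_text on the 16 predefined defaults."""
    policy = dict(DEFAULTS)
    for line in config_text.splitlines():
        m = RULE_RE.match(line)
        if not m:
            continue
        user, asset, action = m.groups()
        if user not in LEVELS or asset not in LEVELS:
            raise ValueError(f"unknown risk level in: {line.strip()}")
        policy[(user, asset)] = action
    return policy

def audit(config_text):
    """Return (loosened, inconsistent) findings for the effective policy."""
    policy = effective_policy(config_text)
    # Pairs allowed now although Table 1 denies them.
    loosened = sorted(k for k, v in policy.items()
                      if v == "allow" and DEFAULTS[k] == "deny")
    # An allowed pair whose equal-or-better pair (on both axes) is denied.
    inconsistent = sorted(
        ((u, a), (u2, a2))
        for (u, a), v in policy.items() if v == "allow"
        for u2 in LEVELS[LEVELS.index(u):]
        for a2 in LEVELS[LEVELS.index(a):]
        if policy[(u2, a2)] == "deny")
    return loosened, inconsistent

# Constructed sample input: rule lines in the syntax of step 3.
SAMPLE = """\
trusted-access policy csap
 rule user-risk-level high-risk asset-risk-level trust action allow
 rule user-risk-level trust asset-risk-level low-risk action deny
 service enable
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

For the sample, the first list flags the high-risk user rule that loosens a default deny, and the second flags that low-risk users reach low-risk assets while trusted users do not.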
