Seqrite HawkkProtect

Policies

Print Friendly, PDF & Email

Policies govern the connections that are attempted from users to applications. A policy prevents unauthorized users from accessing any applications. It also grants access to authorized users to access specific applications as required.
On this page, you can create policies for users and applications and publish them. If the policies are pushed to the gateway and successfully applied, the status is updated as published.

Policy management 1.1

At the top of the page, few widgets display the count for All, Published, Draft, Publish Failed and Observe Policies.

Policy States

Policy State Description
Published A policy that is successfully configured and allows a user to access applications accordingly is a Published Policy.
Draft Administrator can create some policies that may not be implemented immediately or may be needed later. Such policies are saved as Draft Policies.
Publish failed If a policy fails to be applied to a site, it is a Publish Failed policy.

Observe

An administrator may want to monitor certain connection attempts. So, Administrator can create a policy with Observe mode on. This type of policy is an Observe policy.
Connections attempted under such policy will be allowed but will be represented with a different color on the Visibility page.

Further, the following details of all the existing policies are listed.

Column Name Description
IDENTIFIER Suitable identifier for the policy.
NAME Name of the policy.
STATUS Current status of the policy.
OBSERVE Denotes whether the connections allowed under the policy will be observed or not.
STATE Current state of the policy.
LAST UPDATED ON The date and time on which the policy was last updated.
WAF Configured To enable WAF rules for the policies.
Search To search policies by name.
Add Filter To add a filter. To know more, refer the Adding a filter to refine the view section on Visibility page.
Refresh Click the icon on the upper right corner to refresh the page.
Add Policy Click the Add Policy icon in the upper right corner to add a policy.

The policies can be sorted by name when you click the sorting symbol next to the NAME column.

Actions available with policies

When you hover over each policy, the following options appear on the right side next to the Last Updated On column.

Action Icon Action Label Description
Edit Edit To edit the details of the policy.
Delete Delete To delete the policy.
right arrow Edit To edit the details of the policy.

Click a policy to view policy details in the right pane.

Fields Description
Identifier Policy Identifier.
Name Policy Name.
Status Current status of the policy.
Observe Whether connection is being observed or not.
State Current state of the policy.
Last Updated On The date and time on which the policy was last updated on.
Last Updated by The administrator who last updated the policy.
Description Policy description.
User fs The tags applied on users according to which connection is allowed.
Application Tags The tags applied on applications/ services according to which connection is allowed.
Enable/ Disable To enable or disable the policy.
Observe To mark the connections allowed under the selected policy as ‘observed’ connection type.

Adding a policy

To add a new policy, follow these steps.

  1. Log on to Seqrite HawkkProtect portal. Navigate to Policy Management in the left pane.
  2. Click on the appropriate tab at the top as required.
    Depending on the tab you have selected, you can add the following types of policies.

    1. Zero trust
    2. Firewall
    3. DDoS
  3. Click the Add Policy button. A new page appears.
    Enter the following information on this page.

    Zero Trust

    Add Policy 1.1

    Policy Information

    In this section, enter the following information.

    • Enter the identifier for the policy.
    • Enter the policy name.
    • Select On or OFF under Observe.
      This indicates whether the connections allowed under this policy are marked as Observed on Visibility page.

    • Enter the detailed description of the policy.

    Allow Rule

    If you are creating a zero trust policy, enter the following information.

    • Enter the user tags.
      These are the tags applied on user from where the connection is established.
    • Enter the application Tags.
      These are the tags applied on applications where the connection is received.
    • Enter the user exception tags.
      Based on connection requirement, these tags will exclude users to whom available source tags are applicable.

    Note:
    The Application and User Tags are fetched from the centralized HawkkEye Tags. Please refer
    HawkkEye Tags for more details.

    Firewall Parameters (Rule)

    Add Firewall Policy

    Firewall parameters 1.1

    If you are creating a firewall policy, enter the following details.

    1. Enter the identifier for the policy.
    2. Enter the policy name.
    3. Select On or OFF under Observe.
      This indicates whether the connections blocked under this policy are marked as Observed on Visibility page.

    4. Enter the detailed description of the policy.

    5. The default mode is selected as Blocked by default.
    6. Enter the source IP list. You can add a single IP address or multiple IP addresses, or subnets as required. All these addresses must be separated by a comma.
    7. Enter the exceptions IP addresses/ list.
    8. Select the applications to which you want to apply the policy.
    9. Select the list of source countries from where the connections are originating.
    10. Enter the common application parameters as required.

    DDoS parameters

    DDoS parameters 1.1

    If you are creating a DDoS policy, enter the following details.

    1. Enter the identifier for the policy.
    2. Enter the policy name.
    3. Select On or OFF under Observe.
      This indicates whether the connections blocked under this policy are marked as Observed on Visibility page.
    4. Enter the detailed description of the policy.

    5. Select whether the policy shall be applied based on the count of IP Address or application.
    6. Enter the time frame in seconds.
    7. Enter the number of requests that will be allowed. If the number of requests exceeds this number, then the connections will be blocked.
    8. Enter the exception IP list.
    9. Select the applications to which you want to apply the policy.
    10. Enter the common application parameters as required.
  4. After entering this information, you can click Save as Draft or Add policy as required.

Example 1

Adding a firewall policy for restricting a user
If you want to block traffic originating from a user with particular source IP address and country, follow these steps.

  1. Log on to Seqrite HawkkProtect portal. Navigate to Policy Management in the left pane.
  2. Click the Firewall tab at the top.
  3. Click the Add Policy button.
  4. Enter the identifier and name as required.
  5. Enter the source IP address as 35.123.23.21. You can enter more IP addresses or subnets if you wish to.
  6. Enter the exceptions IP addresses (Whitelisted IP Address), if any.
  7. Select the applications to which you want to apply the policy.
  8. From the list of countries, select China.
  9. From the common application parameters, select custom path.
  10. Add the value as admininfo.
  11. After this is done, click Add Policy.

After this policy is applied, a user with source IP 35.123.23.21 and source country China will not be able to access configured application with custom path /admininfo (eg: www.example.com/admininfo if example is the selected application).

Was this page helpful?
Yes No