Cloud Secure Edge Getting Started Guide

Configuring Remote Access

With today's distributed data centers and data in the cloud, anyone can reach the log-in portals that stand in front of protected resources, and so anyone can attempt to gain access to those resources. So long as a user is authenticated, they are granted access. But there is no way to verify that users who have gained access to a VPN are authorized to access all, or a subset of, the private resources within the network.

Service Tunnel restores this missing authorization step with built-in continuous authorization. A user who accesses protected resources from one IP, and then from another IP, is authorized on each access attempt. In each of these authorization events, Service Tunnel evaluates whether the user's role and the device's Trust Level align with the Service Tunnel's pre-defined access policy.
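As an added illustration (not Cloud Secure Edge code or its policy schema), the following Python sketch models the per-attempt evaluation described above. The `TunnelPolicy` and `AccessAttempt` types, the Low/Medium/High trust scale, and all users, roles and IP addresses are assumptions constructed for the example.

```python
from dataclasses import dataclass

# Constructed trust scale for this sketch; lowest to highest.
TRUST_RANK = {"Low": 1, "Medium": 2, "High": 3}

@dataclass(frozen=True)
class TunnelPolicy:          # hypothetical model, not a product schema
    allowed_roles: frozenset
    min_trust: str

@dataclass(frozen=True)
class AccessAttempt:
    user: str
    roles: frozenset
    device_trust: str        # trust level reported at the time of this attempt
    source_ip: str

def authorize(policy, attempt):
    """Decide one attempt from its current role and trust level only.
    No earlier decision is cached, so a changed IP or a degraded
    device is evaluated again."""
    if not attempt.roles & policy.allowed_roles:
        return False, "role not in tunnel policy"
    # Unknown trust values rank 0, so they fail closed.
    if TRUST_RANK.get(attempt.device_trust, 0) < TRUST_RANK[policy.min_trust]:
        return False, "device trust below policy minimum"
    return True, "allowed"

def replay(policy, attempts):
    """Authorize every attempt in order; returns (source_ip, allowed, reason)."""
    return [(a.source_ip, *authorize(policy, a)) for a in attempts]

# Constructed sample data (documentation IP ranges, made-up users and roles).
POLICY = TunnelPolicy(frozenset({"engineering"}), "Medium")
ENG = frozenset({"engineering"})
ATTEMPTS = [
    AccessAttempt("alice", ENG, "High", "198.51.100.10"),
    AccessAttempt("alice", ENG, "High", "203.0.113.7"),     # new IP, re-evaluated
    AccessAttempt("alice", ENG, "Low", "203.0.113.7"),      # device posture dropped
    AccessAttempt("alice", ENG, "Unknown", "203.0.113.7"),  # unrecognized value
    AccessAttempt("bob", frozenset({"contractor"}), "High", "198.51.100.22"),
]

if __name__ == "__main__":
    for ip, allowed, reason in replay(POLICY, ATTEMPTS):
        print(f"{ip:15} {'ALLOW' if allowed else 'DENY ':5} {reason}")
```

The third and fourth attempts come from an already-authenticated user on the same IP and are still denied, which is the difference from a VPN that authenticates once at connection time.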

The following provides a checklist for setting up remote access; for more details, follow the links provided.

This video also describes how to set up a remote access service tunnel in Cloud Secure Edge.

To create a Service Tunnel Policy

  1. Navigate to the document Publish a Service Tunnel.
  2. Scroll down to the Steps to Publish a Service Tunnel and follow the directions for creating the Tunnel Policy.
  3. Continue to Step 2: Publish a Service Tunnel and follow the steps to create a Service Tunnel.
  4. Apply the Tunnel Policy to the tunnel so your end users can access the Service Tunnel.

To validate that your Service Tunnel is up and running, navigate to Private Access > Service Tunnels in the Cloud Edge Command Center. If your Service Tunnel is running, it appears in the Service Tunnels list with a Policy Enforcing status.