Log in to the ThreatLocker Portal.
Navigate to the Network Control section and select Network Control Policies.

Select the 'New Policy' button in the top left corner.

The Create Secure Network Policy window will open, where you can select which type of policy to create.

Select 'Device to Device Communication in My Organization' to open the wizard. The following fields will be available:
- Service
- Protocol
- Ports
- Expiration
- Schedule
- Permit access through ZTNA
- Source
- Destination
- Applications
- Users and Groups

1. Service: The box labeled 'Service' is a type-searchable dropdown holding a list of known services, along with an option for 'Custom' if you are creating a policy for a custom service. Select the desired service that the policy will govern.
2. Protocol: By default, the 'Protocol' will be TCP/UDP. This can be changed to one or the other using the dropdown.
3. Ports: Once a Service is selected, the port or port range will populate in the 'Ports' box. If 'Custom' was selected as the service, you will need to enter the port or port range manually.
4. Expiration: Select the checkbox next to 'Expiration' to set an expiration date/time for the policy. Leave it unchecked if the policy should never expire.

5. Schedule: Select the checkbox next to 'Schedule' to set the days and/or times this policy will be active. Leave it unselected to keep the policy active all the time.

6. Permit access through ZTNA: Selecting this checkbox allows traffic to reach the destination resource through the Secure Network when the source device is outside the local network. If the checkbox is not selected, access to the destination is limited to sources on the same LAN; any out-of-network devices will not be able to connect. Once this checkbox is selected, a dropdown containing your previously configured Secure Network Servers will populate, where you will select the appropriate Secure Network Server.

Please Note: If UDP is selected in the protocol field and Permit access through ZTNA is also selected, a cautionary message will appear informing you of how traffic will be routed, overwriting your selected option.
7. Source: The Source dropdown contains a list of all your Organizations, Computer Groups, Computers, and Mobile Devices. Select as many sources as desired. They will be added in the 'Source' box.

8. Destination: The Destination dropdown contains a list of all your Organizations, Computer Groups, Computers, and Mobile Devices. Select as many destinations as desired. They will be added in the 'Destination' box.

9. Applications: By default, 'All Applications' will be selected. If you wish to limit this policy to specific local applications, find and select the desired application or applications in the type-searchable dropdown.
10. Users and Groups: By default, 'Everyone' is selected. If you wish to scope access to specific users/groups, input the desired local Users and Groups. Once set, only the specified Users and Groups will be permitted to initiate the connection defined in this policy.
Once all fields are configured, select the 'Next' button. The Secure Network Policy Summary window will open to provide an overview of your selections, with the ability to make any necessary edits.

1. Log in the Unified Audit: Select the checkbox to record in the Unified Audit each time this policy is matched.
2. Route: This shows the route that permitted network traffic will take. In our example, the Permit access through ZTNA checkbox was not selected, which creates a 'Local' route.
Select the 'Create' button to save the policy.