A Primer on Policies and Policy Groups
Overview
What are Policy Groups?
Policy Groups are the Groups of Edges in the Byos solution to which Policies are assigned.
What Policies are included?
There are many different types of policies that can be configured by the Edge:
- External Network Settings - i.e. how the Edge communicates with i) the local network, ii) the internet, and iii) the Byos Secure Lobby Overlay
- Internal Network Settings - i.e. the internal Microsegment
- Filtering - which countries, IPs, ports, and protocols the Edges can communicate with
How do Policy Groups relate to Zones?
Policy Groups inherit the Secure Lobby Overlay networking settings from the Zone. Each Policy Group will be included in the Default Zone.
Add a Policy Group
- Name Policy Group
- Select which Zone the Policy Group should belong to
- Select the External Network Settings for the Edges in the Policy Group
  - For more information about the different configurations of the External Network Settings, see: Routing Rules
- Select which Edges should be included in the Policy Group
- Select whether or not Local Authentication is required
- Configure the Internal Microsegment’s Network Settings
  - Enable/Disable DHCP
  - Enable/Disable Ping Requests
  - Select the Network ID and CIDR
Editing Policy Groups
From the table, select the policy group or policy that you want to modify, and the side bar will open to that page so the changes can be made.
Policy Details
- Modify the Policy Group Name
- Select which Zone the Policy Group belongs to. Every Policy Group must have a Zone membership. This enables all Edges within the group to be assigned a Byos IP address at which they can be reached within the SL Overlay.
Edges
- Add or remove Edges from the Policy Group.
- Note: the brackets display the Byos IP address of the Edge, which i) corresponds to the Zone’s Network ID/CIDR and ii) indicates the Edge is connected to the SL Overlay
- Note: removing Edges from a Policy Group will put them back into the Default Policy Group.
Filtering
The Byos Secure Edge can filter inbound and outbound traffic by country. This works by blocking sessions from being established with servers in said country.
External Network
The External Network setting controls how the Byos Secure Edge routes traffic to the world. For a more comprehensive explanation of all of the routing rules and scenarios, see: External Network Routing Rules
Internal Network
The Internal Network Settings determine how the Secure Edge’s internal microsegment responds.
Local Authentication
Local Authentication is the policy that determines whether a User can change settings in the local dashboard/app without being logged in. When:
- Local Authentication is Enabled, you have to log in to the Dashboard/App to change the settings
- Local Authentication is Disabled, you can change settings locally without having to log in to the Dashboard/App
If a network has previously been connected to and is saved by the Gateway, it will auto-connect and traffic will be able to reach the microsegment even with Local Auth enabled, but for conferences, I would recommend having it Disabled to save you from having to log in every time the session ends.