Overview

This guide goes over the specifics of creating and managing AppWANs in the web console.

AppWANs are the policies that determine which services your endpoints have permission to access. AppWANs can also be used to dictate which endpoints can be used to connect specific applications. This gives you zero trust, least privileged access, and micro-segmentation, at the most granular levels.
To use an AppWAN you will need Services & Endpoints. You can go back to one of the previous articles about creating and managing Endpoints or Services if necessary.

Create Your AppWAN

To create your AppWAN, go to Network Settings → Manage AppWANs. Click the blue plus sign in the upper right corner to create a new AppWAN. 


The 'Create a New AppWAN' screen will have fields for a name, service, endpoint, and posture attributes to be filled in. When you create your Service or Endpoint or Posture Check, you will find an option to select attributes from the list or create new ones. A preview will appear on the right-hand portion of the screen which shows your services, endpoints, and posture checks that are associated with the attributes you've selected. 


For your AppWAN to function properly, your Edge Router must be provisioned. You can check this status on the Manage Edge Routers page, under the 'Type' column. You will see 'Provisioned', 'Provisioning', 'New', or 'Deleting' in that column. Provisioning can take a few minutes but once that has been completed, your endpoints, services, AppWANs, etc., should function as expected.

 

Best Practice / Caution:

1. Take care not to add Edge Routers (ERs) or endpoints hosting services to the same AppWAN that lists those services. Always create a separate AppWAN for a set of endpoints that access services where none of them are terminating any of those services. Creating a bi-directional AppWAN will cause a traffic blackhole, since the endpoints are acting both as the source and as the ones terminating the service.

2. Take care not to add an endpoint to multiple AppWANs that have the same or overlapping services. The endpoint will get into a routing conflict when it has access to the same service via multiple AppWANs.

3. Take care not to add overlapping services to the same AppWAN. For example, service A has subnet 10.0.1.0/24 as its intercept address for port range 2000-4000, and service B has subnet 10.0.1.8/32 as its intercept address for port range 3800-3900. Adding services A and B to the same AppWAN creates a conflict.
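
The three cautions above can be checked mechanically before an AppWAN is created or updated. The following is an added example, not NetFoundry code: a small Python linter over a constructed inventory. The field names (intercept, ports, hosted_by) and the endpoint, router and AppWAN names are assumptions; services A and B use the values from item 3.

```python
from ipaddress import ip_network
from itertools import combinations

# Constructed inventory. The layout is an assumption for this example,
# not a NetFoundry export format. "hosted_by" = identities terminating the service.
SERVICES = {
    "A": {"intercept": "10.0.1.0/24", "ports": (2000, 4000), "hosted_by": {"er-1"}},
    "B": {"intercept": "10.0.1.8/32", "ports": (3800, 3900), "hosted_by": {"er-1"}},
    "C": {"intercept": "10.0.2.0/24", "ports": (443, 443), "hosted_by": {"ep-host"}},
}
APPWANS = {
    "appwan-1": {"services": {"A", "B"}, "endpoints": {"ep-1", "ep-2"}},
    "appwan-2": {"services": {"A"}, "endpoints": {"ep-2"}},
    "appwan-3": {"services": {"C"}, "endpoints": {"ep-3", "ep-host"}},
}

def services_overlap(a, b):
    """True when intercept subnets AND port ranges of two services both intersect."""
    nets = ip_network(a["intercept"]).overlaps(ip_network(b["intercept"]))
    ports = a["ports"][0] <= b["ports"][1] and b["ports"][0] <= a["ports"][1]
    return nets and ports

def lint(appwans, services):
    findings = []
    for name, aw in sorted(appwans.items()):
        # Item 1: an identity hosting a service is also a client in the same AppWAN.
        for svc in sorted(aw["services"]):
            for host in sorted(services[svc]["hosted_by"] & aw["endpoints"]):
                findings.append(("bidirectional", name, svc, host))
        # Item 3: two services in one AppWAN intercept overlapping address/port space.
        for s1, s2 in combinations(sorted(aw["services"]), 2):
            if services_overlap(services[s1], services[s2]):
                findings.append(("overlap-in-appwan", name, s1, s2))
    # Item 2: one endpoint reaches the same or overlapping services via two AppWANs.
    for (n1, a1), (n2, a2) in combinations(sorted(appwans.items()), 2):
        for ep in sorted(a1["endpoints"] & a2["endpoints"]):
            if any(services_overlap(services[x], services[y])
                   for x in a1["services"] for y in a2["services"]):
                findings.append(("endpoint-conflict", ep, n1, n2))
    return findings

if __name__ == "__main__":
    for finding in lint(APPWANS, SERVICES):
        print(finding)
```
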

Posture Checks

Posture Checks are security postures applied at the AppWAN level. NetFoundry offers 5 different types of security posture checks for endpoints. Any Posture Checks that are assigned to an AppWAN will be relayed to the Endpoints that are also assigned to that AppWAN.

For more details about Posture Checks, refer to: Create-and-Manage-Posture-Checks

Attributes

Using an endpoint/service/posture attribute adds all endpoints/services/posture checks that have that specific attribute to the AppWAN. The @ symbol is used to tag an individual endpoint/service/posture check, and the # symbol is used to tag a group of endpoints/services/posture checks.

Service attributes provide the reference to any tagged services that are to be made available to the endpoints.

Endpoint attributes determine which of your endpoints are authorized to access the services you have specified in the Service Attributes section.

The Posture attributes determine which of the posture checks will be relayed to the Endpoints that are also assigned to that AppWAN.

Manage Your AppWAN

To manage your existing AppWAN, navigate to Manage AppWANs. You can click on an AppWAN row to edit it or use the ellipsis menu at the end of each row to take actions on the individual AppWAN. Use the select bubbles in the first column of the table to select multiple services for bulk delete.


When editing an existing AppWAN, the screen will look the same as the 'Create a New AppWAN' screen, except that you'll click 'Update' to finish editing instead of 'Create'. 
