This article applies to multiple NetFoundry network Products (version 6 and prior, and version 7 or higher).  Refer to Finding Your Network Version for detailed information on determining your Network Version.

Product Version 7 and higher AppWANs

Product Version 6 and prior AppWANs



This guide goes over the specifics of creating and managing AppWans in the web console.  To use an AppWAN you will need at least one each of endpoints and services. You can go back to one of the previous articles about creating and managing Endpoints or Services if necessary.


Product Version 7 and higher AppWANs

AppWANs are the policies which determine which services your endpoints have
permission to access. AppWANs can also be used to dictate which endpoints can be
used to connect specific applications. This gives you zero trust, least
privileged access, at the most granular levels.”

Create Your AppWAN

To create your AppWAN, go to Network Settings → Manage AppWANs. Click the blue plus-sign in the upper right corner to create a new AppWAN. manage_appwans_page_ziti.png

The 'Create a New AppWAN' screen will have fields for a name and both service and endpoint attributes to be filled in. Similarly to when you created your Service or Endpoint, you can select attributes from the list or create new ones.


Service Attributes

Service attributes provide the reference to any tagged services that are to be made available to the endpoints.  The services themselves define the endpoints that are “in front of” your application services – the endpoints which are protecting your services by denying all requests which are not properly authenticated and authorized. In this field, enter attributes such as (@singleService, or #allMarketingServices). For example, #allMarketingService attribute may be tagged on any service related to applications accessible by marketing.    The "#" attribute(tag) is created by the system operator and assigned as desired. 
For referring to a specific single service, the attribute with "@" is used.  Those attributes are automatically created for each entity (such as service or endpoint). For example if a service named marketingDocs is created, the attribute @marketingDocs will also be available for reference in AppWANs in the "Service Attributes" Box.

Endpoint Attributes

Endpoint attributes have a similar function to the Service Attributes described above.  In the AppWAN provisioning for Endpoint Attributes, the Endpoint attributes determine which of your endpoints are authorized to access the services you have specified in the Service Attributes section.  If you want to add a group of endpoints to the AppWAN, each endpoint should have the attribute tagged (for example #marketingEndpoints) on the endpoint.  For single endpoint references, utilize the automatically created "@" attribute(tag).

Provisioning AppWAN

A preview will appear on the right-hand portion of the screen which shows your services and endpoints that are associated with the attributes you've selected. 


For you AppWAN to function properly, your Edge Router must be provisioned. You can check this status on the Manage Edge Routers page, under the 'Type' column. You will see 'Provisioned', 'Provisioning', 'New', or 'Deleting' in that column. Provisioning can take a few minutes but once that has completed, your endpoints, and services, AppWANs, etc., should function as expected.

Manage Your AppWAN

To manage your existing AppWAN, navigate to Manage AppWANs. You can click on an AppWAN row to edit it or use the ellipsis menu at the end of each row to take actions on the individual AppWAN. Use the select bubbles in the first column of the table to select multiple services for bulk delete.

manage_appwans_ziti_elipses.pngWhen editing an existing AppWAN, the screen will look the same as the 'Create a New AppWAN' screen, except that you'll click 'Update' to finish editing instead of create. 



Product Version 6 and prior AppWANs

An AppWAN is a set of services which make up an application, as well as a set of endpoints that are authorized to access those services. See Create and manage services for more information about services.

To manage your AppWANs in the console, navigate to Network Settings → Manage AppWANs.

Click on an AppWAN row to bring up the AppWAN editor. Use the ellipsis menu at the end of each row to take actions on an individual AppWAN, like deleting and sharing. Use the select bubbles in the first column of the table to select multiple AppWANs for bulk delete. 

Click the blue plus-sign in the upper right corner to create a new AppWAN. Select from the following AppWAN types, based on your use-case:






Was this article helpful?
0 out of 0 found this helpful



Article is closed for comments.