Now you create policies. Policies let you give users access to resources and set conditions for access.
To create a policy, do as follows:
Go to Zero Trust Network Access > Policies.
On the Policies page, you might see a warning that you need to request the ZTNA agent. Click Request access and fill out your details. We'll tell you when the agent is available.
You can create your policies now. You don't need to wait for the agent, as you install that later.
Click Add policy.
Select the policy type you want.
- Agent. This requires a ZTNA agent. With this policy type, you can set conditions for access.
- Agentless. This doesn't require a ZTNA agent. You can only use agentless access for web apps, and you can't set conditions based on device health.
In our instructions, we'll use Agent access.
On the New policy page, do as follows:
- Enter a name for the policy.
- On the Access rules tab, leave Use conditions to manage access selected.
- Under Allow access, select the security health that devices need before they can access apps.
If you selected Agentless access, you don't see access rules.
You don't need to use the Assigned resources tab yet. You assign resources (in other words, decide which policy will apply to each resource) later on the Resources page.
You can stop applying an access rule at any time by turning off Use conditions to manage access.
You can also stop applying the policy. On the Policy enforced tab, set Policy bypassed. This prevents users from accessing the managed resources.
Next, you install the Sophos ZTNA agent.