Skip to content

Add policies

Now you create policies. Policies let you give users access to resources and set conditions for access.

To create a policy, do as follows:

  1. Go to My Products > ZTNA > Policies.

  2. On the Policies page, you might see a warning that you need to request the ZTNA agent. Click Request agent and fill out your details. We'll tell you when the agent is available.

    You can create your policies now. You don't need to wait for the agent, as you install that later.

  3. Click Add policy.

    Policies page.

  4. Select the policy type you want.

    • Agent. This requires a ZTNA agent. With this policy type, you can set conditions for access.
    • Agentless. This doesn't require a ZTNA agent. You can only use agentless access for web apps, and you can't set conditions based on device health.

    In our instructions, we'll use Agent access.

    Add policy screen.

  5. On the New policy page, do as follows:

    1. Enter a name for the policy.
    2. On the Access rules tab, leave Use conditions to manage access selected.
    3. Under Allow access, select the security health that devices need before they can access apps.

    If you selected Agentless access, you don't see access rules.

    New policy page.

  6. Click Save.

    Note

    You don't need to use the Assigned resources tab yet. You assign resources (in other words, decide which policy will apply to each resource) later on the Resources page.

You can stop applying an access rule at any time by turning off Use conditions to manage access.

You can also stop applying the policy. On the Policy enforced tab, set Policy bypassed. This prevents users from accessing the managed resources.

Next, you install the Sophos ZTNA agent. If you're setting up agent based access, you install the Sophos ZTNA agent next. See Install the ZTNA agent. If you're setting up agentless access, you add resources next. See Add resources.