Once the installation and configuration of the ZTNA connector is complete, you can add your internal apps to Forcepoint ONE SSE to provide contextual access controls and inline protection. Adding these apps follows a setup similar to adding cloud-based apps, except that you select the Any HTTP/S ZTNA App/Service template instead.
Follow the steps below to provide access to internal apps via ZTNA over HTTP or HTTPS:
Steps
- In the Forcepoint ONE SSE portal, click .
- On the Managed Apps page, select the Any HTTP/S ZTNA App/Service option.
- In the new window, fill out the fields to configure your app:
  - Provide a name for the app.
  - Select the Display on Admin Portal app Launcher checkbox to display the ZTNA application name in the Navigation Bar.
  - You can (optionally) upload an image that will appear on the policies page as well as a small icon that will be used on logs and Dashboard pages.
  - Enter the internal hostname (destination) for your app.
  - Select the server type.
  - Enter the port number through which the application can be accessed.
  - Select the datacenter name that you configured. This name will be used in logs to identify the location of the app, such as the 'Campbell, CA' office.
  - Add any additional domains associated with the app to ensure full functionality when users are proxied to it.
    You can add up to 50 rows.
    Note: Applications with multiple domains can use either the HTTP or the HTTPS protocol, but not both at the same time. However, applications with a single domain can support both HTTP and HTTPS protocols.
  - Enter the HTTP/S ports that the internal application can be accessed on. This field supports individual ports as well as port ranges.
    You can add up to 50 rows.
  - Enter each download DLP URL on a separate row.
    You can add up to 50 rows. To learn about download DLP URLs, refer to the Download DLP Configuration section under Configuring inline DLP for custom applications.
- Now with the app added, you can go back to the page and apply contextual access controls and inline DLP policies just like any other cloud app (notice it will indicate ZTNA HTTP/S on the top left of the app logo and the datacenter name at the bottom of the app logo).