Once the installation and configuration of the ZTNA connector is complete, you can add your internal apps to Forcepoint ONE SSE to provide contextual access controls and inline protection. Adding these apps follows a similar setup to adding cloud-based apps, except that you select the Any HTTP/S ZTNA App/Service template instead.
Follow the steps below to provide access to internal apps via ZTNA over HTTP or HTTPS:
Steps
- In the Forcepoint ONE SSE portal, click .
- On the Managed Apps page, select the Any HTTP/S ZTNA App/Service option.
- In the new window, fill out the fields to configure your app:
  - Provide a name for the app.
  - Select the Display on Admin Portal app Launcher checkbox to display the ZTNA application name in the Navigation Bar.
  - Optionally, upload an image that will appear on the policies page, as well as a small icon that will be used on the logs and Dashboard pages.
  - Enter the internal hostname for your app.
  - Select the server type.
  - Enter the port that the app is accessed over.
  - Select the datacenter name that we configured in the prior section in step 6 above. Again, this is a name that will be used in logs (that is, this app is located in the "Campbell, CA" office location).
  - Add any additional domains associated with the app to ensure full functionality when a user is being proxied to the app. You can add up to 50 rows.
  - Enter the HTTP/S ports that the internal application can be accessed over. This field supports individual ports and port ranges. You can add up to 50 rows.
  - Enter the Download DLP URLs, one per row. You can add up to 50 rows. To learn about Download DLP URLs, refer to the Download DLP Configuration section under Configuring inline DLP for custom applications.
- Now that the app is added, you can go back to the page and apply contextual access controls and inline DLP policies just as you would for any other cloud app (notice that it indicates ZTNA HTTP/S at the top left of the app logo and the datacenter name at the bottom of the app logo).