Rules and Policies

Rules

A Rule defines allowed connection sources (Users, Groups, Servers, Server Groups) and destination protocols/ports. Rules can be managed via the Hub’s Web UI or API.

Connection destinations (Servers and Server Groups) are defined when you create a Policy. A Rule takes effect only once it has been added to a Policy.

A rule consists of several fields described below. Rule changes are effective the moment they are saved or updated.

Name

A name for the Rule, e.g. “Allow SSH access for developers”, “Allow web access for Testers”, or “Allow RDP for admins”. The name should reflect the sources and the allowed ports/protocols that the Rule defines. The destinations that the Rule applies to are configured later, on the Policies page.

Destination protocol

Options are TCP, UDP, ICMP and Any Protocol. This defines the destination protocol permitted by this Rule. For protocols that are not listed, select Any Protocol and filter using your Server’s OS or firewall.

Destination ports

A single port number or a comma-separated list of port numbers, with optional dashed ranges, defining the allowed ports for the Rule. Leave blank for Rules that are not of type TCP or UDP. E.g. 80,443,7000-8000

Source Users

A list of User IDs that are permitted as sources by the Rule.

Source Groups

A list of User Groups whose members are permitted as sources by the Rule.

Source Servers

A list of Servers that are permitted as sources by the Rule.

Source Server Groups

A list of Server Groups whose members are permitted as sources by the Rule.

Policies

A Policy defines a list of target (destination) Servers and a set of one or more previously defined Rules (which define sources) that govern connectivity permissions. Policies can be managed via the Hub’s Web UI or API.

A Policy consists of several fields described below. Policy changes are effective the moment they are saved or updated.

Name

A name for the Policy, e.g. “Development Server Remote Access”, “Production web server frontend access”, or “Backend database access”. The name should reflect the target systems that the Policy defines, along with the Rules (sources and protocols) that are added to the Policy.

Description

An optional description of the Policy, for reference by Hub admin users.

Rules

A list of previously defined Rules included in the Policy.

Target Servers

A list of Servers that are targeted by the Policy.

Target Server Groups

A list of Server Groups whose members are targeted by this Policy.
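
The following is an added example, not code from the Hub or its API: a small offline model for reviewing which Policy and Rule pairs permit a given connection, and which Rules are attached to no Policy and so have no effect. The dict layout, the function names and the sample servers and groups are assumptions; treating a blank port list on a TCP/UDP Rule as matching nothing, and a connection with no matching Rule as not permitted, are also assumptions.

```python
# Constructed model of this page's Rule/Policy fields; not the Hub's API schema.

def parse_ports(spec):
    """Parse a spec such as '80,443,7000-8000' into inclusive (low, high) ranges."""
    ranges = []
    for part in filter(None, (p.strip() for p in spec.split(","))):
        low, _, high = part.partition("-")
        lo, hi = int(low), int(high or low)
        if not 1 <= lo <= hi <= 65535:
            raise ValueError(f"invalid port range: {part!r}")
        ranges.append((lo, hi))
    return ranges

def rule_matches(rule, src, proto, port=None):
    """True if the Rule's protocol, ports and sources all cover this connection."""
    if rule["protocol"] != "Any Protocol":
        if rule["protocol"] != proto:
            return False
        # Ports constrain only TCP/UDP rules; a blank list matches nothing (assumption).
        in_range = any(lo <= (port or 0) <= hi for lo, hi in parse_ports(rule["ports"]))
        if proto in ("TCP", "UDP") and not in_range:
            return False
    return (src.get("user") in rule["source_users"]
            or src.get("server") in rule["source_servers"]
            or bool(src.get("groups", set()) & set(rule["source_groups"]))
            or bool(src.get("server_groups", set()) & set(rule["source_server_groups"])))

def allowed_by(policies, rules, src, dst, proto, port=None):
    """Return the (policy, rule) name pairs that permit src -> dst; empty if none."""
    hits = []
    for pol in policies:
        if (dst["server"] in pol["target_servers"]
                or dst.get("server_groups", set()) & set(pol["target_server_groups"])):
            hits += [(pol["name"], n) for n in pol["rules"]
                     if rule_matches(rules[n], src, proto, port)]
    return hits

def unattached_rules(policies, rules):
    """Rules that belong to no Policy and therefore have no effect."""
    return sorted(set(rules) - {n for p in policies for n in p["rules"]})

def _rule(protocol, ports, groups):  # helper for the constructed samples below
    return {"protocol": protocol, "ports": ports, "source_users": [],
            "source_groups": groups, "source_servers": [], "source_server_groups": []}

RULES = {"Allow SSH access for developers": _rule("TCP", "22", ["developers"]),
         "Allow web access for Testers": _rule("TCP", "80,443,7000-8000", ["testers"])}
POLICIES = [{"name": "Development Server Remote Access", "target_server_groups": [],
             "rules": ["Allow SSH access for developers"], "target_servers": ["dev01"]}]
```

Running `unattached_rules` over an exported configuration is a quick way to spot Rules that were written but never bound to a Policy, and `allowed_by` shows every pair that grants a given path, which helps when more than one Policy targets the same Server.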