13.4 Configure an Access Control Service Trustzone

The main window of an Access Control Service Trustzone is split up into a navigation bar on the left and the three policy rule sets on the right.

To guarantee that our policy trustzone has a public/private key pair to properly authenticate clients to all participating Access Control Services, we initially need to create a Health Passport Signing Key (Settings > Identity > Health Passport Signing Key). The Health Passport is used for authenticating against other Access Control Service instances (for example Remediation Service and Border Patrol). Therefore, generation of a Health Passport Signing Key is required.

Click New Key… to create a new Health Passport Signing Key. In this setup, which uses locally created public/private keys, use the previously created key and export its public part to the clipboard. Then import this public key as the Health Passport Verification Key.

To keep our setup as simple as possible, we will start with local machine policies. We recommend extending your setup with user-specific or VPN policies as a next step. At the beginning, even setting up a restricted local machine rule set and configuring the gateway firewall rule set requires quite some time.

As a next step, create at least one rule within the "Local Machine" policy rule set. The first, and for the moment the only, available rule is our catch-all rule, which should usually be at the end of your policy rule set. Click New… at the bottom of the policy rule set or use the context menu to create a policy rule. When using more than one rule, remember that policy rule sets are processed from top to bottom.
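The effect of rule order can be checked before a rule set goes live. The following added example is not part of the manual and not the product's rule format: it models a rule set as an ordered list with hypothetical identity-matching fields (`os`, `domain`), assumes the first matching rule decides (which is what placing the catch-all last implies), and reports rules that can never be reached.

```python
# Added example: model and field names are hypothetical, not the product's rule format.
ANY = "*"  # wildcard: the criterion accepts every value

def matches(rule, client):
    """True if every identity-matching criterion of the rule accepts the client."""
    return all(allowed == ANY or client.get(field) in allowed
               for field, allowed in rule["match"].items())

def evaluate(rules, client):
    """Top-to-bottom processing; assumes the first matching rule decides."""
    for rule in rules:
        if matches(rule, client):
            return rule["name"]
    return None  # nothing matched (no catch-all present)

def covers(earlier, later):
    """True if every client matched by `later` is also matched by `earlier`."""
    for field, allowed in earlier["match"].items():
        if allowed == ANY:
            continue
        later_allowed = later["match"].get(field, ANY)
        if later_allowed == ANY or not set(later_allowed) <= set(allowed):
            return False
    return True

def lint(rules):
    """Report shadowed (unreachable) rules and a missing trailing catch-all."""
    findings = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, later):
                findings.append(f"'{later['name']}' is never reached: "
                                f"shadowed by '{earlier['name']}'")
                break
    if not rules or any(v != ANY for v in rules[-1]["match"].values()):
        findings.append("last rule is not a catch-all")
    return findings

# Constructed rule set with the catch-all misplaced above a specific rule.
RULES = [
    {"name": "admins", "match": {"os": {"Windows"}, "domain": {"CORP"}}},
    {"name": "catch-all", "match": {}},
    {"name": "kiosks", "match": {"os": {"Windows"}, "domain": {"KIOSK"}}},
]

if __name__ == "__main__":
    for finding in lint(RULES):
        print(finding)
```

Moving the catch-all entry to the end of `RULES` clears both findings, and a client matching the `kiosks` criteria is then handled by that rule instead of the catch-all.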

The Policy Rule dialog is split up into these views:

Identity Matching

Required Health State

Policy Assignments

176 Example Configuration

Barracuda Networks VERSION SP4 manual Configure an Access Control Service Trustzone