Supported Use Cases
- Last Updated: October 14, 2024
The following use cases are currently supported for Zero Trust Access Gateway. Additional variations are being developed and released.
Source IP/Method/Path
This security policy, although developed for object storage solutions, is not limited to this workload. The traffic must match all three attributes to be permitted access to the published system.
Who – The source IP Address of the requestor.
What – The HTTP Method (GET, PUT, DELETE, etc.) being passed to the published system.
Where – The path of the object being requested or written, defined using a regular expression (regex) for flexible implementations.
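The all-three-attributes rule above, modelled in Python as an added example; it is not LoadMaster configuration or Progress Kemp code. The `Rule` class, the function names, and the sample networks and paths are hypothetical, and matching the regex against the whole path is an assumption of this model, since the page does not say how patterns are anchored.

```python
import ipaddress
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    """One Who/What/Where rule. Hypothetical model, not LoadMaster syntax."""
    source_net: str       # Who: permitted source network in CIDR form
    methods: frozenset    # What: permitted HTTP methods
    path_regex: str       # Where: regex for the object path

def rule_matches(rule, src_ip, method, path):
    """True only when all three attributes match."""
    try:
        who = ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.source_net)
    except ValueError:
        return False      # an unparsable address never matches
    what = method.upper() in rule.methods
    # Assumption: the pattern must cover the whole path (fullmatch), so a
    # rule for /bucket-a/... does not also admit /archive/bucket-a/...
    where = re.fullmatch(rule.path_regex, path) is not None
    return who and what and where

def is_permitted(rules, src_ip, method, path):
    """Default deny: a request passes only if some rule matches it fully."""
    return any(rule_matches(r, src_ip, method, path) for r in rules)

# Constructed sample policy (addresses and paths are made up).
RULES = [
    Rule("10.20.0.0/16", frozenset({"GET"}), r"/bucket-a/reports/[^/]+\.pdf"),
    Rule("10.20.5.0/24", frozenset({"PUT", "DELETE"}), r"/bucket-a/uploads/[^/]+"),
]

# Constructed sample requests: (source IP, method, path).
REQUESTS = [
    ("10.20.1.7", "GET", "/bucket-a/reports/q3.pdf"),          # all three match
    ("10.20.1.7", "PUT", "/bucket-a/uploads/x.bin"),           # Who fails for the PUT rule
    ("10.20.5.9", "PUT", "/bucket-a/uploads/x.bin"),           # all three match
    ("192.0.2.10", "GET", "/bucket-a/reports/q3.pdf"),         # Who fails
    ("10.20.1.7", "GET", "/archive/bucket-a/reports/q3.pdf"),  # Where fails
]

def evaluate(rules=RULES, requests=REQUESTS):
    """Return the permit/deny decision for each request, in order."""
    return [is_permitted(rules, *req) for req in requests]

if __name__ == "__main__":
    for req, ok in zip(REQUESTS, evaluate()):
        print("PERMIT" if ok else "DENY  ", *req)
```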
Authentication Header/Method/SourceIP
This security policy is also developed for object storage solutions but can be applied to other workloads. The Content Rules for this use case are as follows.
Who – The Authentication Header within the HTTP traffic.
What – The HTTP Method being passed to the published system.
Where – This is the Source IP address from where the traffic originated.
SteeringGroup/Path/SourceIP
This security policy is designed for any application that performs pre-authentication on the Progress Kemp Load Balancer. This utilizes the Edge Security Pack feature to determine a user’s group membership in combination with the client’s source IP address and the path within the application they request.
Who – Group membership. This attribute looks at the Active Directory group a user is a member of and directs them to a specific element of the published application.
What – The path within the published application the user is trying to access. By defining this using regular expressions (regex), an application can be segmented to suit many scenarios.
Where – This is the Source IP address from where the traffic originated.
Trusted/Untrusted Zone
This security policy also requires the Edge Security Pack but determines the type of authentication required for a user based on group and location. If the traffic matches the attributes for a Trusted zone, the user is presented with a simple form to authenticate to the application. If the traffic is identified as Untrusted, the user is required to provide multi-factor authentication to gain access.
Who – Permitted Group. This is a Progress Kemp-specific attribute that looks at the Active Directory group a user is a member of and permits or denies access dependent on their group membership.
Where – This is the Source IP address from where the traffic originated.