AuthHeader/Method/SourceIP Use Case
- Last Updated: October 14, 2024
The following are the configuration steps for the AuthHeader/Method/SourceIP Use Case.
Open the Config_AuthHeader.xml file in Notepad++ or your preferred application.
The ZTAG configuration sections for this use case are:
- LoadMaster_Connection
- VirtualService_Configration
- RealServer_Configuration
- RealServer_List
- Identify_Users
- Zero_Trust_Access_Gateway_Policies
- Backup_Options
- Logging_Options
The configuration steps are as follows:
- Modify the LoadMaster connection settings for the LoadMaster or ECS Connection Manager:
  - The LoadMaster or ECS Connection Manager IP Address
  - The LoadMaster or ECS Connection Manager TCP Port
- Modify the Virtual Service configuration with settings based on workload requirements:
  - A Nickname (friendly name) to identify the workload being published
  - A Virtual IP Address to publish the workload
  - A Scheduling Method that determines how traffic is distributed to the backend systems:
    - rr = round-robin
    - wrr = weighted round robin
    - lc = least connection
    - wlc = weighted least connection
    - fixed = fixed weighting
    - adaptive = resource based (adaptive)
    - sh = source IP hash
    - dl = weighted response time
    - sdn-adaptive = resource based (SDN adaptive)
    - uhash = URL hash
  - Select whether SSL/TLS Acceleration should be enabled on the Virtual Service:
    - Y
    - N
  - Optional – If a certificate is present on the LoadMaster/ECS Connection Manager, a prompt will be provided to select which certificate should be used in the configuration. A certificate can be uploaded and applied by entering the following parameters:
    - Path/location to the certificate file (PFX)
    - A friendly name or identifier for the certificate
    - The passphrase for importing the certificate
- Modify the Real Server configuration with settings based on workload requirements:
  - Real Server Check Method
    - https
    - http
    - tcp
  - Real Server Check Port to use
  - Real Server Port, if it differs from the check port
  - Non_Local Real Servers, to specify whether the Real Servers are on a directly connected interface or on a remote network
    - Y
    - N
- Modify the Real Server list with the IP Address or FQDN of the backend systems being published. Lines can be removed or added based on the number of Real Servers in the environment.
- The AuthHeader/Method/SourceIP use case identifies who is accessing the workload with the user account that appears in the Authentication Header. This section defines the user accounts or Object IDs and descriptions for each within an environment.
  - Username to identify the account or object ID in the environment.
  - Description (friendly name) of the user account in the environment.
- The policy section is where the security settings are configured. Lines can be added or removed depending on the number of rules that should be applied in the policy.
  - Username to apply the security policy to.
  - The method that should be permitted for the defined path/bucket.
    - GET
    - PUT
    - DELETE
    - POST
  - The source IP address from which the traffic originates, expressed as a Regular Expression (RegEx).
  Note: Any Usernames that are applied here must be identified in the Identify_Users section for the SteeringGroup use case above.
- Optional – During each run of the Zero Trust Policy Builder, the option to take a backup before any changes are applied is presented. These options are used to define the name and where the backup should be stored. A date and time stamp will also be included in the backup file name.
  - File Path – Ensure the proper permissions are applied to the folder.
  - Backup file name – Used to identify the backup being taken
- Logging is generated for each run of the Zero Trust Policy Builder. These settings will provide the location for the log files and how much of the disk can be utilized to store files.
  - File Path – Ensure the proper permissions are applied to the folder.
  - Max Log Size – The maximum size of each of the log files.
  - Max Log Rollovers – The maximum number of log file rollovers to allow. The setting of 2 rollover files and 500KB maximum size will allow 1000KB of storage to be used on the system running the Zero Trust Policy Builder.
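
The policy section matches the source IP address with a regular expression, so a pattern that is not anchored or that leaves its dots unescaped can admit more addresses than intended. The Python check below is an added example, not part of the Zero Trust Policy Builder or of this documentation. The rule tuples, the intended_cidr field, the sample usernames and the assumption that the pattern is applied as an unanchored search are all hypothetical.

```python
import ipaddress
import re

METHODS = {"GET", "PUT", "DELETE", "POST"}  # methods listed in the policy section

def overmatches(pattern, intended_cidr):
    """Addresses outside intended_cidr that an unanchored search of pattern accepts."""
    net = ipaddress.ip_network(intended_cidr)
    rx = re.compile(pattern)
    # Probe set: the surrounding /16, plus each intended address with its first octet varied.
    probes = {str(a) for a in net.supernet(new_prefix=min(16, net.prefixlen))}
    for a in net:
        rest = str(a).split(".", 1)[1]
        probes |= {f"{o}.{rest}" for o in range(1, 256)}
    return sorted(p for p in probes
                  if rx.search(p) and ipaddress.ip_address(p) not in net)

def lint_policy(users, rules):
    """Return findings for (username, method, source_regex, intended_cidr) rules."""
    findings = []
    for user, method, pattern, cidr in rules:
        if user not in users:  # the Note: usernames must be defined in Identify_Users
            findings.append(f"{user}: not defined in Identify_Users")
        if method not in METHODS:
            findings.append(f"{user}: unsupported method {method!r}")
        try:
            extra = overmatches(pattern, cidr)
        except re.error as exc:
            findings.append(f"{user}: invalid RegEx {pattern!r}: {exc}")
            continue
        if extra:
            findings.append(f"{user}: {pattern!r} also matches {len(extra)} "
                            f"addresses outside {cidr}, e.g. {extra[0]}")
    return findings

# Constructed sample data (not taken from a real configuration file).
USERS = {"svc-backup", "svc-report"}
RULES = [
    ("svc-backup", "PUT", r"10.1.1.1", "10.1.1.1/32"),             # unanchored, dots unescaped
    ("svc-report", "GET", r"^10\.1\.2\.\d{1,3}$", "10.1.2.0/24"),  # anchored and escaped
    ("svc-audit", "PATCH", r"^10\.1\.1\.9$", "10.1.1.9/32"),       # unknown user and method
]

if __name__ == "__main__":
    for line in lint_policy(USERS, RULES):
        print(line)
```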