• Policy Overview
  • Web policy example
    • Limiting hosted website use
  • Infrastructure policy example
    • Limiting SSH access to a bastion host
  • Service Tunnel policy example
    • Limiting access to a file server

Policy Overview

Policies enforce which devices have access to protected services. Admins can configure policies by defining which roles and device Trust Levels are allowed access to a given service. Once configured, a policy can be applied to any service type (e.g., hosted website, infrastructure service). This doc outlines an example of web, infrastructure, and Service Tunnel policy application.

Web policy example

Web policies define user access to hosted websites based on roles, Trust Level, and website endpoints (Layer 7 networking) through Banyan’s Access Tier.

Limiting hosted website use

An admin wants to limit access to admin and login pages on a hosted website. Their requirements are as follows:

Configure the required Trust Level and allowed Roles, as such:

Add Rules to restrict access to admin (!wp-admin*) and login (!wp-login) endpoints:

Infrastructure policy example

Infrastructure policies define user access to infrastructure services based on roles and Trust Levels. This type of policy can be used for any TCP services, such as an SSH service, an RDP service, a Kubernetes service, or a database service.

Limiting SSH access to a bastion host

An admin wants to limit SSH access to a bastion host. Their requirements are as follows:

Select all relevant roles, and apply the Medium or High Trust Level:

Service Tunnel policy example

Tunnel policies define user access to network locations based on CIDR ranges, ports, and protocols from a Service Tunnel.

Limiting access to a file server

An admin wants to limit access to a file server. The requirements are as follows:

Configure the Roles and Trust Levels:

Configure the Exceptions:

---

Can’t find what you’re looking for?

We’re happy to help. Contact our team.