Zero-trust region policies

drischar — Tue, 04 Feb 2020 15:56:03 GMT

We are testing out using a Zero-trust policy to block traffic to and from all regions but a few known good or needed regions. I am running into issues with Microsoft, AWS websites and services that roll to different data centers and IPs around the globe. Does anyone have any suggestions to allow traffic to these sites and services without having to manage a large list of IPs or sites?

Re: Zero-trust region policies

BPry — Wed, 05 Feb 2020 03:12:17 GMT

@drischar,

You'll likely end up making use of multiple solutions depending on what you are doing and what services you are actually trying to keep updated. Some things you'll be perfectly fine using custom URL categories, others are better off being managed through an EDL powered by something like MIneMeld, others can be solved through FQDN objects, and others you may actually need to keep updated through the API and scripting something to automate the process.

topic Zero-trust region policies in General Topics

Zero-trust region policies

Re: Zero-trust region policies