Zero-trust region policies

Reply
Highlighted
L0 Member

Zero-trust region policies

We are testing out using a Zero-trust policy to block traffic to and from all regions but a few known good or needed regions. I am running into issues with Microsoft, AWS websites and services that roll to different data centers and IPs around the globe. Does anyone have any suggestions to allow traffic to these sites and services without having to manage a large list of IPs or sites?

 

 

Highlighted
Cyber Elite

Re: Zero-trust region policies

@drischar,

You'll likely end up making use of multiple solutions depending on what you are doing and what services you are actually trying to keep updated. Some things you'll be perfectly fine using custom URL categories, others are better off being managed through an EDL powered by something like MIneMeld, others can be solved through FQDN objects, and others you may actually need to keep updated through the API and scripting something to automate the process. 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!