Create a Zero Trust policy

1 min read

You can create Zero Trust policies to manage access to specific applications on your network.

Go to Access > Applications > Add an application.
Select Private Network.
Name your application.
For Application type, select Destination IP.
For Value, enter the IP address for your application (for example, 10.128.0.7).
If you would like to create a policy for an IP/CIDR range instead of a specific IP address, you can build a Gateway Network policy using the Destination IP selector.
Configure your App Launcher visibility and logo.
Select Next. You will see two auto-generated Gateway Network policies: one that allows access to the destination IP and another that blocks access.
Modify the policies to include additional identity-based conditions. For example:
- Policy 1
  Selector Operator Value Logic Action
  Destination IP in 10.128.0.7 And Allow
  User email Matches regex .*@example.com
- Policy 2
  Selector Operator Value Action
  Destination IP in 10.128.0.7 Block
Policies are evaluated in numerical order, so a user with an email ending in @example.com will be able to access 10.128.0.7 while all others will be blocked. For more information on building network policies, refer to our dedicated documentation.
Select Add application.

Selector	Operator	Value	Logic	Action
Destination IP	in	`10.128.0.7`	And	Allow
User email	Matches regex	`.*@example.com`

Selector	Operator	Value	Action
Destination IP	in	`10.128.0.7`	Block

Your application will appear on the Applications page.