Access control
Access Control Lists#
ACLs can be created on edge EVX appliances and backbone NFRs in order to secure subnets from each other anywhere on the network.
Explicit allow and deny rules can be constructed that control traffic flow between any networks instantiated by the INF.
Rules are based on subnets or IPs and must be ordered correctly depending on the intention of the security rule.
Blocking access to a network#
All network traffic from a defined list of subnets can be blocked.
For example, the Accounts VLAN may need to be blocked from access from all other department VLANs except the IT intrastructure.
Defaults#
While the default is to allow all traffic (any to any), network segmentation decisions should be made in concert with the design of the security posture.
ZTNA#
Access control between devices and subnets is not designed as a replacement for OTT and other security overlay solutions such as ZTNA. The INF is compatible with all security appliances and services so that a customised security stack can be constructed bespoke for any customer or network.
Likewise ACLs are not a replacement for user authentication services.