AppGate ZTNA offers secure access management for users and devices in cloud and hybrid environments.
AppGate ZTNA allows organizations to implement a Zero Trust Network Access strategy for granular, context-aware access control in distributed environments. It introduces a 6-layer trust model with multiple verification steps beyond sign-in, requiring further checks for specific resource connections.
AppGate ZTNA operates without a traditional network perimeter and does not require specific hardware, functioning across cloud and hybrid setups through software virtualization.
Controllers define access rights for users or devices individually, authenticating them based on unique session Claims like browser type, device posture, geo-location, and identity. After authentication, Entitlement tokens are issued to the AppGate ZTNA Client.
The Portal provides an alternative connection method to protected resources via a browser, eliminating the need for a Client installation.
The Portal uses the same trusted connectivity approach as AppGate ZTNA Clients, assigning an available Client instance for each user connection, with access rights and routing determined by assigned Policies. Typically, a Portal is deployed as a standalone appliance outside the protected network, such as in the cloud.
The Connector integrates under-protected and over-privileged devices into the Zero Trust environment by hosting unmanned AppGate ZTNA Client instances with their own Entitlements, enabling local resources like sensors and servers to connect seamlessly with users and cloud services.
Entitlement tokens identify which Gateways to connect to, and these tokens are passed to Gateways that provision a micro-firewall instance for each session. The firewall instances evaluate rules to allow or block access to protected hosts, applications, or servers.
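The flow described above (a Controller evaluating session Claims and issuing Entitlements, then a Gateway enforcing them in a per-session firewall) can be sketched as a small model. This is an added illustration, not AppGate code or its API: every class, function, claim key, gateway name and address below is hypothetical, and token signing is left out.

```python
# Conceptual model only: all names and data shapes are hypothetical.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Entitlement:
    name: str
    gateway: str      # Gateway that enforces this entitlement
    network: str      # protected destination, in CIDR form
    port: int
    required: tuple   # (claim key, expected value) pairs; all must hold


# Constructed sample policy.
ENTITLEMENTS = [
    Entitlement("hr-web", "gw-eu", "10.20.0.0/24", 443,
                (("group", "hr"), ("disk_encrypted", True))),
    Entitlement("db-admin", "gw-eu", "10.30.0.5/32", 5432,
                (("group", "dba"), ("disk_encrypted", True), ("country", "SE"))),
]


def issue_entitlements(claims):
    """Controller step: grant an entitlement only if every condition matches.

    A missing claim yields None from .get(), so it fails closed."""
    return [e for e in ENTITLEMENTS
            if all(claims.get(key) == value for key, value in e.required)]


class SessionFirewall:
    """Gateway step: one rule set per session, default deny."""

    def __init__(self, gateway, token):
        # Keep only the entitlements addressed to this Gateway.
        self.rules = [e for e in token if e.gateway == gateway]

    def allows(self, dst_ip, dst_port):
        return any(ip_address(dst_ip) in ip_network(rule.network)
                   and dst_port == rule.port for rule in self.rules)


def demo():
    claims = {"group": "hr", "disk_encrypted": True, "country": "SE"}
    fw = SessionFirewall("gw-eu", issue_entitlements(claims))
    return fw.allows("10.20.0.7", 443), fw.allows("10.30.0.5", 5432)


if __name__ == "__main__":
    print(demo())
```

Changing a single claim (for example `disk_encrypted` to `False`) empties the issued set, and the session firewall then denies every destination.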
The Connector simplifies network integration, requiring only an outbound connection on port 443 to establish a bi-directional, multi-protocol tunnel, facilitating access to distributed resources by adding Connectors to the Site.
All access activities must be logged for compliance. The LogForwarder efficiently forwards selective audit logs to external systems, allowing multiple input sources and output destinations with in-line filters. A local LogServer is also available within a Collective.
AppGate ZTNA Key Concepts and Features
Understanding the Eight Key Concepts of the AppGate ZTNA system is essential before configuration.