creating-edge-router-policies
New edge router policy via UI

- On the left side nav bar, click "Ziti Policies"
- It should already be selected, but if not, on the top nav bar, click "Edge Router Policies"
- In the top right corner of the screen click the "plus" image to add a new edge router policy
- Choose a name for the edge router policy, such as "My edge router policy"
- Enter the edge routers you want to include in the policy
  - Specific edge routers can be referenced by ID or name using `@`. For example, an edge router called `us-east-4` can be referenced using `@us-east-4`.
  - Edge routers can be referenced by role attribute using `#`. For example, any edge router which has the `us-east` role attribute will be included if `#us-east` is included in the edge routers roles list.
- Enter the identities you want to include in the policy
  - Specific identities can be referenced by ID or name using `@`. For example, an identity called `jsmith-desktop` can be referenced using `@jsmith-desktop`.
  - Identities can be referenced by role attribute using `#`. For example, any identity which has the `sales` role attribute will be included if `#sales` is included in the identities roles list.
- Specify the role semantic
  - If you select `Has Any Role` and specify multiple roles, all entities which have any of the roles will be included.
  - If you select `Must Have All Roles` and specify multiple roles, only entities which have all of the given roles will be included.
- Click save

New edge router policy via CLI

To create an edge router policy using the CLI, issue the following commands.

- To use the CLI, you'll need to be logged in.
- Create an edge router policy named `my-policy` which allows all identities to use all routers.

  ```
  ziti edge create edge-router-policy my-policy --identity-roles '#all' --edge-router-roles '#all'
  ```
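
The following is an added example, not OpenZiti code: a small Python model of how the `@` and `#` references and the two role semantics described above select entities, useful for checking how broad a policy is before saving it. The `Entity` class, the sample routers and identities, and the rule that `@` references are always included regardless of the semantic are assumptions made for this illustration.

```python
from dataclasses import dataclass

ANY = "Has Any Role"         # semantic labels as shown in the UI
ALL = "Must Have All Roles"

@dataclass(frozen=True)
class Entity:                # hypothetical stand-in for a router or identity
    id: str
    name: str
    attrs: frozenset = frozenset()

def select(entities, roles, semantic):
    """Return the names of the entities that a roles list selects."""
    if semantic not in (ANY, ALL):
        raise ValueError(f"unknown semantic: {semantic!r}")
    bad = [r for r in roles if r[:1] not in ("@", "#")]
    if bad:
        raise ValueError(f"roles must start with @ or #: {bad}")
    refs = {r[1:] for r in roles if r.startswith("@")}  # ID or name
    tags = {r[1:] for r in roles if r.startswith("#")}  # role attributes
    chosen = set()
    for e in entities:
        # Assumption: explicit @ references are included under either semantic.
        if e.id in refs or e.name in refs or "all" in tags:
            chosen.add(e.name)
        elif tags and (tags <= e.attrs if semantic == ALL else tags & e.attrs):
            chosen.add(e.name)
    return chosen

def allowed_pairs(identity_roles, edge_router_roles, semantic, identities, routers):
    """Every (identity, edge router) pair that the policy permits."""
    ids = select(identities, identity_roles, semantic)
    ers = select(routers, edge_router_roles, semantic)
    return {(i, r) for i in ids for r in ers}

# Constructed sample data, not taken from a real network.
ROUTERS = [
    Entity("r1", "us-east-4", frozenset({"us-east", "public"})),
    Entity("r2", "us-east-5", frozenset({"us-east"})),
    Entity("r3", "eu-west-1", frozenset({"eu-west", "public"})),
]
IDENTITIES = [
    Entity("i1", "jsmith-desktop", frozenset({"sales"})),
    Entity("i2", "build-server", frozenset({"ci"})),
]

if __name__ == "__main__":
    for sem in (ANY, ALL):
        print(sem, sorted(select(ROUTERS, ["#us-east", "#public"], sem)))
    print(sorted(allowed_pairs(["#all"], ["#all"], ANY, IDENTITIES, ROUTERS)))
```

With the same two roles, `Has Any Role` selects all three sample routers while `Must Have All Roles` selects only `us-east-4`, and `#all` on both sides permits every identity and router pair.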