creating-service-edge-router-policies
- New service edge router policy via UI
- New service edge router policy via CLI
- On the left side nav bar, click "Ziti Policies"
- On the top nav bar, click "Service edge router policies"
- In the top right corner of the screen click the "plus" image to add a new Service edge router policy
- Choose a name for the Service edge router policy, such as "My Service edge router policy"
- Enter the services you want to include in the policy
- Specific services can be referenced by ID or name using
@. For example, a service calledsshcan be referenced using@ssh. - Services can be referenced by role attribute using
#. For example, any service which has thesalesrole attribute will be included if#salesis included in the service roles list.
- Specific services can be referenced by ID or name using
- Enter the services you want to include in the policy
- Specific services can be referenced by ID or name using
@. For example, a service calledsshcan be referenced using@ssh. - Services can be referenced by role attribute using
#. For example, any service which has thesalesrole attribute will be included if#salesis included in the service roles list.
- Specific services can be referenced by ID or name using
- Specify the role semantic
- If you select
Has Any Rolethen if you specify multiple roles then all entities which include any of the roles will be included. - If you select
Must Have All Roles, then if you specify multiple roles then only entities which include all of the given roles will be included
- If you select
- Click save
To create a Service edge router policy using the CLI issue the following commands.
-
To use the CLI, you'll need to be logged in. Link to instructions
-
Create a service edge router policy which allows all services to use all routers.
ziti edge create service-edger-router-policy 'my-policy' --service-roles '#all' --edge-router-roles '#all'