Creating a Service Edge Router Policy
- New Service Edge Router Policy via UI
- New Service Edge Router Policy via CLI
- On the left side nav bar, click "Ziti Policies"
- On the top nav bar, click "Service Edge Router Policies"
- In the top right corner of the screen click the "plus" image to add a new Service Edge Router Policy
- Choose a name for the Service Edge Router Policy, such as "My Service Edge Router Policy"
- Enter the services you want to include in the policy
  - Specific services can be referenced by ID or name using `@`. For example, a service called `ssh` can be referenced using `@ssh`.
  - Services can be referenced by role attribute using `#`. For example, any service which has the `sales` role attribute will be included if `#sales` is included in the service roles list.
- Specify the role semantic
  - If you select "Has Any Role" and specify multiple roles, all entities which include any of the roles will be included.
  - If you select "Must Have All Roles" and specify multiple roles, only entities which include all of the given roles will be included.
- Click save
To create a Service Edge Router Policy using the CLI, issue the following commands.

Ensure you are logged in with the CLI. The `ziti` CLI will help you get a session from the controller's management API. You will be prompted to trust any new server certificates. Your session cache and trust store are managed by the CLI in your home directory.

```bash
# implies https://localhost:1280
ziti edge login -u admin -p admin

# implies https://
ziti edge login ziti.example.com:8441 -u admin -p admin
```

Create a service edge router policy which allows all services to use all routers.

```bash
ziti edge create service-edge-router-policy 'my-policy' --service-roles '#all' --edge-router-roles '#all'
```
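The role matching described in the UI steps, and the `#all` role used in the CLI command, as an added example (not code from the Ziti project): a simplified Python model of which services a role list selects under each role semantic. The service names and attributes are constructed sample data, references by ID are not modelled, and treating an `@` reference as always selected regardless of the semantic is an assumption.

```python
# Added example: simplified model of role-list matching for a policy.
# Service names and role attributes are constructed sample data.
SERVICES = {
    "ssh": {"ops"},
    "crm": {"sales", "us"},
    "quotes": {"sales", "eu"},
    "wiki": set(),
}


def select(entities, roles, semantic="AnyOf"):
    """Return sorted names of the entities a role list selects.

    entities: dict of entity name -> set of role attributes
    roles:    entries such as "@ssh" (by name) or "#sales" (by attribute)
    semantic: "AnyOf" (Has Any Role) or "AllOf" (Must Have All Roles)
    """
    if semantic not in ("AnyOf", "AllOf"):
        raise ValueError(f"unknown semantic: {semantic!r}")
    names, attrs = set(), set()
    for role in roles:
        if len(role) < 2 or role[0] not in "@#":
            raise ValueError(f"role must look like @name or #attribute: {role!r}")
        (names if role[0] == "@" else attrs).add(role[1:])
    if "all" in attrs:
        return sorted(entities)  # '#all' selects every entity
    selected = set()
    for name, have in entities.items():
        if name in names:
            # Assumption: an @ reference always selects that entity,
            # whichever semantic is chosen.
            selected.add(name)
        elif attrs and semantic == "AnyOf" and attrs & have:
            selected.add(name)
        elif attrs and semantic == "AllOf" and attrs <= have:
            selected.add(name)
    return sorted(selected)


if __name__ == "__main__":
    for roles, semantic in [
        (["#sales", "#us"], "AnyOf"),
        (["#sales", "#us"], "AllOf"),
        (["@ssh", "#eu"], "AllOf"),
        (["#all"], "AnyOf"),
    ]:
        print(semantic, roles, "->", select(SERVICES, roles, semantic))
```

Running the same role list through both semantics before saving a policy shows how much narrower "Must Have All Roles" is, and how much a `#all` entry opens up.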