Add and remove device trust
Set communication policies by adding trust between devices and device groups. You can use drag and drop to add and remove trust visually, or add trust on the Devices tab.
- Supported Roles
- System administrator
- Supported Versions
- Drag and drop trust is available for v3.0.0 and later
Note: Network object trust policies work between a device and an IP range on a
remote Airwall Edge Service. Similarly, blocking trust with a network object only prevents communication with
that IP range on the remote Airwall that
contains the network object. Therefore, a block policy to a network on Airwall 1 will
not block communications to an IP in that range on Airwall 2. For
more information, see How block and allow Overlay policies interact.
Add and remove device trust using drag-and-drop (v3.1.0)
- Go to Overlays and select the Overlay network for which you want to set up trust.
- If you are in the Advanced view, go to the Visualization tab.
- To see the trust for a device or device group, select a device on the graph.
-
To add trust between devices and device groups:
- Continue dragging and dropping to add trust as needed on the overlay network.
-
To remove trust – In Edit mode, click the line between the devices
you no longer want to have trust. When the line turns red, click to remove
it:
Tip: If you right-click a device or trust line on the graph, you get a context menu where you can quickly add or remove trust between a device and all other devices in the network.
- To stop editing trust, select Edit layout. (In v3.0.0, to leave Edit mode, select Stop edit.)
For help in the graph, select Legend at the top left of the graph to show what you can do on the graph.
In a v3.1.0 Conductor, you can select more than one item on the network graph using the meta key for your platform (Ctrl on Windows, or cmd on macOS) and either create a device group, or remove the items from the network.
Add and remove device trust using drag-and-drop (before v3.1.0)
- Go to Overlays and select the Overlay network for which you want to set up trust.
- If you are in the Advanced view, go to the Visualization tab.
- To see the trust for a device or device group, select a device on the graph.
-
To add trust between devices and device groups:
- Select Edit mode in the upper right of the visual network display.
- If needed, select Position dynamically or Fit to arrange the devices and device groups so you can see them.
- Click and hold one device or device group, and drag a line to another to establish trust.
- Continue dragging and dropping to add trust as needed on the overlay network.
- To remove trust – In Edit mode, click the line between the devices you no longer want to have trust. When the line turns red, click to remove it:
- To leave Edit mode, select Stop edit.
For help in the graph, select Legend at the top left of the graph to show what you can do on the graph.
Note: Network object trust policies work between a device and an IP range on a
remote Airwall. Similarly, blocking trust with a network object only prevents
communication with that IP range on the remote Airwall that contains the network
object. Therefore, a block policy to a network on Airwall 1 will not block
communications to an IP in that range on Airwall 2.
Add and remove device trust from the Devices tab
- Go to Overlays and select the Overlay network for which you want to add trust.
- On the Devices tab, click the Device name of the device or device group that you want to add trust for. The line will be highlighted in blue.
-
To establish trust with other devices or device groups, click the radio
buttons next to them. The line will be highlighted in light blue/gray and
you receive a message in the upper right of your screen that trust has been
established. The following image shows trust between the Internet Access DMZ
device and the other two devices.Compare to this image, when you select one of the devices, the other device is not highlighted, which indicates the devices do not trust each other - they both only trust the Internet Access DMZ device. This is a hub-and-spoke arrangement.
- To remove trust, click the radio button again to remove it from the trust policy.
-
If you want to add a device group, but block certain devices in that group
from the trust relationship, set trust for the group, and then use the
toggle button next to the radio button to block trust with that
device.
-
You can see the trust relationships on the left. (In the Advanced view, go
to the Visualization tab.)