Add and remove device trust

Set communication policies by adding trust between devices and device groups. You can use drag and drop to add and remove trust visually, or add trust on the Devices tab.

Supported Roles
System administrator
Network administrator who is a manager of the overlay.
Supported Versions
Drag and drop trust is available for v3.0.0 and later
Multi-select on the network graph is available for v3.1.0 and later
You are configuring trust only between your primary device or group and each additional device and group respectively. This setting does not configure trust between all devices selected. Devices highlighted in gray trust only the primary device. Trust between the gray devices and groups must be configured separately. For a detailed example configuration and steps to set it up, see Example: Complex device trust
Note: Network object trust policies work between a device and an IP range on a remote Airwall Edge Service. Similarly, blocking trust with a network object only prevents communication with that IP range on the remote Airwall that contains the network object. Therefore, a block policy to a network on Airwall 1 will not block communications to an IP in that range on Airwall 2. For more information, see How block and allow Overlay policies interact.

Add and remove device trust using drag-and-drop (v3.1.0)

Drag and drop trust is available in v3.0.0 and later.
  1. Go to Overlays and select the Overlay network for which you want to set up trust.
  2. If you are in the Advanced view, go to the Visualization tab.
  3. To see the trust for a device or device group, select a device on the graph.
  4. To add trust between devices and device groups:
    1. Select Edit trust (in v3.0.0, select Edit mode) in the upper right of the visual network display.
    2. If needed, select Position dynamically or Fit to arrange the devices and device groups so you can see them.
      Visualization tab showing trust relationships
    3. Click and hold one device or device group, and drag a line to another to establish trust.
      Drag from one device or device group to another to add trust
      Drag a line to establish trust
      Note: In v3.1.0, you can select more than one item on the network graph using the meta key for your platform (Ctrl on Windows, or cmd on macOS) and either create a device group, or remove the items from the network.
  5. Continue dragging and dropping to add trust as needed on the overlay network.
  6. To remove trust – In Edit mode, click the line between the devices you no longer want to have trust. When the line turns red, click to remove it:
    Removing trust by selecting the line
    Tip: If you right-click a device or trust line on the graph, you get a context menu where you can quickly add or remove trust between a device and all other devices in the network.
  7. To stop editing trust, select Edit layout. (In v3.0.0, to leave Edit mode, select Stop edit.)

For help in the graph, select Legend at the top left of the graph to show what you can do on the graph.

In a v3.1.0 Conductor, you can select more than one item on the network graph using the meta key for your platform (Ctrl on Windows, or cmd on macOS) and either create a device group, or remove the items from the network.

Add and remove device trust using drag-and-drop (before v3.1.0)

Drag and drop trust is available in v3.0.0 and later.
  1. Go to Overlays and select the Overlay network for which you want to set up trust.
  2. If you are in the Advanced view, go to the Visualization tab.
  3. To see the trust for a device or device group, select a device on the graph.
  4. To add trust between devices and device groups:
    1. Select Edit mode in the upper right of the visual network display.
    2. If needed, select Position dynamically or Fit to arrange the devices and device groups so you can see them.
    3. Click and hold one device or device group, and drag a line to another to establish trust.
  5. Continue dragging and dropping to add trust as needed on the overlay network.
  6. To remove trust – In Edit mode, click the line between the devices you no longer want to have trust. When the line turns red, click to remove it:
  7. To leave Edit mode, select Stop edit.

For help in the graph, select Legend at the top left of the graph to show what you can do on the graph.

Note: Network object trust policies work between a device and an IP range on a remote Airwall. Similarly, blocking trust with a network object only prevents communication with that IP range on the remote Airwall that contains the network object. Therefore, a block policy to a network on Airwall 1 will not block communications to an IP in that range on Airwall 2.

Add and remove device trust from the Devices tab

  1. Go to Overlays and select the Overlay network for which you want to add trust.
  2. On the Devices tab, click the Device name of the device or device group that you want to add trust for. The line will be highlighted in blue.
  3. To establish trust with other devices or device groups, click the radio buttons next to them. The line will be highlighted in light blue/gray and you receive a message in the upper right of your screen that trust has been established. The following image shows trust between the Internet Access DMZ device and the other two devices.
    Compare to this image, when you select one of the devices, the other device is not highlighted, which indicates the devices do not trust each other - they both only trust the Internet Access DMZ device. This is a hub-and-spoke arrangement.
  4. To remove trust, click the radio button again to remove it from the trust policy.
  5. If you want to add a device group, but block certain devices in that group from the trust relationship, set trust for the group, and then use the toggle button next to the radio button to block trust with that device.
  6. You can see the trust relationships on the left. (In the Advanced view, go to the Visualization tab.)
    Trust relationship visualization