Access parameters

An Access parameter is a named combination of port/port range and the protocol used on them. Access parameters are the building blocks of Access policies, Corporate policy templates, and Security policy templates that you use to control how Workload groups and other groups communicate.

When Access parameters are enforced on groups (through Access policies), the assets in the groups communicate only on the ports and protocols in the Access parameters. All other ports and protocols are blocked on the assets involved in the Access policies.

Types of Access parameters

Three kinds of Access parameters exist in Xshield:

  • System-generated generic - these are generic Access parameters that are available by default in an Xshield tenant. These are constructed around commonly used default ports and protocols. For example, 'aol tcp:5190', 'ftp tcp:21', and 'https tcp:443'.

    Currently, Xshield has 189 default Access parameters.

    One of the system-generated Access parameters is ALL any:any. This parameter allows communication on all ports and protocols on the asset. 

    System-generated Access parameters cannot be edited or deleted.

  • System-generated, App-specific - these are App-specific, generic Access parameters available by default in an Xshield tenant. These are constructed around commonly used default ports and protocols for well-known applications.

    Currently, Xshield has 89 Access parameters used by SAP applications.

    Filter the Access Parameters page by the keyword 'sap' to see the SAP Access parameters. 

    System-generated App-specific Access parameters cannot be edited or deleted.

  • User-created - these are Access parameters you create to use custom ports and protocols.

Create Access parameters

Create custom Access parameters when you want Source groups and Destination groups to use custom ports and protocols for communication.

  1. Go to Policies > Access parameters.

  2. Click Create Access Parameter.

  3. In the Name text box, enter a name for the Access parameter.

  4. Add a useful description.

  5. Click Add and select a protocol and enter One port number, a list of port numbers separated by commas, or a range of port numbers.

    For example, TCP and 22 for SSH or UDP 67-68 for DHCP.

    Click Add to add more Access parameters.

  6. Click Save.

Filter Access parameters

When you use many Access parameters , it may be hard to find Access parameters you want to review or edit. 

To filter the Policies > Access Parameters page, search by the name of the Access parameter or the port or protocol used in the Access parameter (Port/Protocol column).

Next steps

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.