Corporate policy templates
Corporate policy templates help you create reusable Access policies that give workloads access to the infrastructure services in your network. The term 'Corporate' refers to the basic TCP and UDP services, such as Domain Name System (DNS), Active Directory (AD), and Dynamic Host Configuration Protocol (DHCP), that must be accessible to application workloads.
A Corporate policy template, also known as CPT, is a set of 'allowed' ports and protocols in one or more IP subnets. Use CPTs to manage workloads' access to infrastructure services centrally.
Corporate policy templates page
All CPTs created in the instance are listed on the Policies > Templates > Corporate policy templates page. You can see the name, Access parameters, and network segments applicable to the CPT.
Corporate policies enforcement
Enforce CPTs on Workload groups when you plan to enforce other Security policies, such as SPTs or custom Access policies, on the groups. Access policies relevant to the CPTs are automatically enforced on the relevant workloads along with other Security policies. All such enforced CPT-based Access policies are listed on the Policies > Access Policies page.
Create Corporate policy templates
Add more services to Corporate policy templates
Add more subnets and/or ports, protocols, and Access parameters to a CPT if workloads need access to more infrastructure services.
If you add or remove infrastructure services included in a CPT, Xshield automatically updates the Access policies on the Workload groups if the groups are already in the Enforced mode. Otherwise, you must move the Workload group to the Enforced mode for these changes to take effect.
Delete Corporate policy templates
Deleting actively used CPTs can impact the normal functioning of workloads on which these templates have been enforced. The affected workloads will no longer be able to access the infrastructure services.
Delete a CPT only after you have fully considered the impact.
Next steps
- Apply and enforce Corporate policy templates on Workload groups that need access to infrastructure services. Read Enforce policies on Workload groups for more information.