The Network Access DLP policy governs the rules associated with the behavior of the Private Company Gateway (PCG). By default, Network Access is set to restricted, forcing all traffic emanating from within the Secure Enclave to use the PCG. For more information on the PCG go here. As with all DLP policies, this can be applied at the company level, to a group, or to an individual user. In this article, we will cover the various options available within the Network Access DLP Policy.
Unrestricted Network Access
When this setting is selected, applications running within the Secure Enclave will route their traffic to the user's personal internet connection. The traffic will not be encrypted or subject to web policy rules.
Restricted Network Access
When this setting is enabled, all traffic emanating from the Secure Enclave will be routed over the Private Company Gateway, where it is protected and encrypted.
Bypass Options
Domain
When Network access is restricted to the Secure Enclave, there may be a need to route traffic to certain domains outside of the Private Company Gateway. Use cases may include domains associated with VOIP or video applications, to ensure optimal performance. To exclude a domain from routing over the PCG, follow the steps below.
- From the DLP Policy screen click Change to the right of Network access from the default policy or from within a group/user override.
- Under Bypass options locate Domains.
- In the text box to the right, enter the domain you wish to exclude.
- Click the Add button.
- Click Apply at the bottom right of the window.
The table below details the correct syntax for the domain bypass option.
| Syntax | Scope |
| --- | --- |
| example.com | Includes only the apex or root domain |
| \*.example.com | Includes all subdomains and excludes apex or root domain |
| \*example.com | Includes apex or root domain and subdomains |
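The three syntaxes in the table can be checked against a list of hostnames before an entry is added, to confirm that only the intended names will be routed outside the PCG. The following is an added example, not Venn's code: the function names and sample hostnames are constructed, and it assumes names are compared case-insensitively and on label boundaries, which the product's own matcher may not do.

```python
# Added example: models the three domain bypass syntaxes from the table.
# Assumptions (not confirmed by the product documentation): comparison is
# case-insensitive, a trailing dot is ignored, and "*example.com" matches
# on a label boundary only.

def _norm(name):
    """Lower-case a DNS name and drop whitespace and any trailing dot."""
    return name.strip().rstrip(".").lower()

def matches(entry, host):
    """Return True if `host` is covered by the bypass `entry`."""
    entry, host = _norm(entry), _norm(host)
    if entry.startswith("*."):
        # *.example.com: all subdomains, apex excluded
        return host.endswith(entry[1:])
    if entry.startswith("*"):
        # *example.com: apex and all subdomains
        apex = entry[1:]
        return host == apex or host.endswith("." + apex)
    # example.com: apex only
    return host == entry

def route(host, bypass_entries):
    """'bypass' if any entry covers the host, otherwise 'pcg'."""
    return "bypass" if any(matches(e, host) for e in bypass_entries) else "pcg"

def audit(bypass_entries, hosts):
    """Map each hostname to the route it would take under the entries."""
    return {h: route(h, bypass_entries) for h in hosts}

if __name__ == "__main__":
    # Constructed sample data for illustration.
    entries = ["example.com", "*.video.example.com"]
    hosts = [
        "example.com",            # apex entry matches
        "www.example.com",        # not covered by the apex-only entry
        "eu.video.example.com",   # subdomain of video.example.com
        "video.example.com",      # apex of the wildcard entry, excluded
    ]
    for host, decision in audit(entries, hosts).items():
        print(f"{host:24} {decision}")
```

Running it on the hostnames your users actually reach shows whether an apex-only entry is too narrow or a `*example.com` entry is broader than the use case needs.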
Network
Networks with traffic restricted to Venn are surrounded with a red border.
When Network access is restricted to the Secure Enclave, there may be a need to route traffic to certain networks outside of the Private Company Gateway. Use cases may include a protected website that is accessible from a set of unique IPs distinct from the Private Company Gateway IPs. To exclude a subnet from routing over the PCG, follow the steps below.
- From the DLP Policy screen click Change to the right of Network access from the default policy or from within a group/user override.
- Under Bypass options locate Networks.
- In the text box to the right, enter the subnet you wish to exclude.
- Optional: Ensure the check box Do not route traffic outside of Venn is marked if you intend to access the subnet using a supported VPN running inside of the Secure Enclave.
- Click the Add button.
- Note: If you checked the box Do not route traffic outside of Venn, the subnet will appear surrounded with a red border, indicating that it will not be routed to the local host.
- Click Apply at the bottom right of the window.
Conferencing Apps
When Network access is restricted to the Secure Enclave, there may be a need to route web conferencing app traffic outside of the Private Company Gateway to enhance their performance. To exclude web conferencing app traffic from routing over the PCG, follow the steps below.
- From the DLP Policy screen click Change to the right of Network access from the default policy or from within a group/user override.
- Under Bypass options locate Conferencing Apps.
- Check the box to the right of the option.
- Click Apply at the bottom right of the window.
Web conferencing app traffic is excluded based on process name. The process list is managed by Venn. If you need an additional process related to a web conferencing app excluded, please contact the support team.