0:01 Welcome to Quick instruction video How to set up Verza client policy. 0:05 This policy shall allows US users to build a VTNA work from anywhere policy for two basic use cases. 0:12 Let's have a look on the standard SASE setup. 0:15 Users shall connect to the public and private services via Verza SASE Cloud Gateways as a prerequisite and the infrastructure is set up with user authentication with optional private connection to the enterprise network. 0:27 The next step is to create Versa secure access policy that will be evaluated during the client registration and enforcing policy into the SASE client. 0:36 Now the client can connect to the Versa SASE Cloud Gateway. 0:41 The client policy includes SASE Gate reachability, traffic routing, application steering, and numerous client configuration options. 0:49 The client policy is mandatory for establishing SASE services like VSA and SWG. 0:55 In this tutorial, we will cover a combined scenario for Virtual secure Access and Secure web gateway. 1:01 The sales users will be entitled to connect from any location and any device towards the closest gateway to reach the private LAN networks. 1:08 The user will get always on feature enabled and restriction to change the client configuration after the registration. 1:15 Let's start the configuration. 1:17 Configure secure client access policy rules. 1:20 So you can add a new policy rule. 1:23 We'll select Secure Access and Secure Web Cave option with the default behaviour to send everything to the cloud gateway without any exceptions. 1:35 In the next option we will select all the gateways and we will let the default IP pools to be assigned to the clients. 1:45 In the client configuration we can select A routes and DNS servers. 1:51 Either use the existing ones or you create another one for your profile and this one. 1:57 The user will be able to connect these particular private prefixes and these particular DNS servers. 2:04 The multi factor authentication will be switched off and there are other client controls that I'll be able to configure like the always on that we want to have remember credentials and allow client customization. 2:17 For the last one, we would like to change it to restrict the client customization so the client can't change the configuration on the go. 2:26 Next steps are EIP agent profile. 2:29 Let me skip for now Device status. 2:33 We will allow all user devices managed and unmanaged to connect. 2:37 Skip the endpoint information profile. 2:39 We will match every single endpoint protection and operating system users. 2:47 We will limit the cells for this particular policy. 2:52 This is the user group cells. 2:54 Or we could select the users independently select cells for now. 3:01 And the last section for matching is the source geolocation. 3:04 We will match all the geolocations and also source IP address. 3:08 So if you skip this field, Step 4 now we give it name for the policy. 3:17 In this case it was sales VSASWG client policy. 3:22 So we can also see when the registration is complete. 3:25 This is the policy being configured. 3:27 We can review all the configurations from the previous tabs and if everything is OK, we say that configuration, we can set it up the bottom or on the top of the list or somewhere in the middle of the list. 3:41 In this case we would like to put it on the top so it's hit as a first. 3:46 When this is done, we can go and publish the configuration. 3:50 Publish of the configuration we can do easily by a publish button and monitor the progress of the publication. 4:01 Now the configuration is completely published to the gateways within our organization. 4:09 After the successful configurations as a portal. 4:12 Now you can register the user Alice into this as a client. 4:15 Let's submit the requested information from the invitation e-mail. 4:24 Enter the password. 4:27 Now we are configuring properly the Versa SSE tenant. 4:32 You can see I have multiple tenants in here. 4:34 I will select the one that we have just configured. 4:37 In the account details you can see that we have Remember Credentials Always connected and always on feature. 4:43 You can't modify that because we restricted that in the SASE portal. 4:48 Also, if you go back into the gateway section, you can see multiple gateways that are available and in the traffic steering configuration you can see the private prefixes as well as the default route for a secure web gateway option. 5:02 Once we configure that, we also can see that the DNS servers are available, the private and the public ones. 5:11 Let's connect to the network using the new profile. 5:16 Before we had an IP address of 188 and we could easily reach out the game link and non corporate sites. 5:26 After connecting to Versa Cloud Gateway, client public IP will be obfuscated by Versa Cloud Gateway public IP. 5:33 We can also see the gambling content is being blocked by Versa Secure Web Gateway policy that will be covered in a different video tutorial. 5:41 After successful registration and connection of the user, you are able to see that user in the dashboard of the SASE portal. 5:49 In the view aspect of the Secure access overview, you can see six successful attempts and three active users. 5:59 Currently we can see the users view or network view and you can see the user Alice that is now connected from Bratislava. 6:09 You can see the local IP address as well and also that the all other users are connected. 6:14 The front for gateway. 6:17 You can see the statistics by computing the users over the time within the period that is selected on the top. 6:23 This is the last 12 hours currently in the successful attempts, failed attempts, the locations, the location geographically per user and also per country. 6:36 In this case you can see them one from Bratislava and two from Paris. 6:43 Also you can see the top countries by user count. 6:48 In the next section you can see the user view. 6:52 It's more detailed view for the summary for the usage over the time. 6:57 You can see the Alice is already here downloading certain data and also transmitting certain data out. 7:07 You can see the respective user independently coming back to the user view. 7:18 Also you can see the events events like the IP SEC tunnel up, hike up or hike down. 7:25 You can see all the interactions with the user Alice in the history. 7:31 Also you can look on the registration part, we can see which profile we're taking for Alice before and after the our new our new rural population. 7:42 So if you can see, we have used the sales VSASWG client policy that created a few minutes ago. 7:52 All exposed analytics are taken from Analytics Engine and they are shown within the last 12 hours. 7:59 It is also configurable for different intervals, the same analytics dashboards and in locks you can find in the Analytics tab. 8:08 Thank you for watching Versa Secure Access Client Policies tutorial video.