Add applications within an application group to logically manage different applications as one entity. Intended users can access these applications based on the rules applied in the private access policies.
Note: Any PA app where the server initiates the connection, is not supported. Eg: active FTP, where the client waits for the server to initiate the connection. This will not work as a PA app.
To add an application:
- In the Skyhigh CASB navigation bar go to Settings > Infrastructure > Private Access Configuration.
- Click the Applications tab.
- Under Action menu, click Add Application and complete the following fields:
- Name. Enter the name of the application.
- Protocol. Select the protocol used to access an application. Supported protocols are HTTP, HTTPS, SSH, RDP, and Others (TCP).
NOTE: The Port field automatically populates the default port used by the selected protocol. If you do not want to use the default port numbers, you can change them. Make sure to specify port when you select Others (TCP).
- Host. Enter the fully qualified domain name (FQDN) of the application. You can add "*" before the domain to match every web request sent to a domain. For example, you can add **sky.com, app1.sky.com, app2.sky.com Add a Private Access Policy that allows this host. You can view all these hosts on the Discovered Private Applications page.
NOTE: When a smart match host is added to a PA App configuration, all the matching apps must be reachable from all the connectors in that group.
NOTE: When a smart match host is added to a PA App configuration, ensure that no other PA host matches that smart match host. E.g: if *sky.com, is a smart match host, then app1.sky.com, app2.sky.com shouldn't be added
- Port. Displays the port used to connect an application for the selected protocol. You can specify the ports in multiple different ways - Range (80-90), Individual (80, 90, 8080), or both (100-300, 80, 90)
NOTE: You cannot add multiple applications with the same protocol, host, and port.
- Application Group. Select an application group from the drop-down list or enter an application group name to create a new application group.
- Assign Connector Groups. Assign an existing connector group or create a connector group and assign it to an application. Click Select to assign an existing group or select New to add a connector group.
Note: Any PA app that is public should be reachable directly from the connector, without any proxy in between the connector and the PA app
- Click Save.