There are a few policies that require you to be inside the Trusted Zone. The Trusted Zone allows for an Administrator to restrict access to devices based on their location even when devices are offline. This is accomplished by installing a trusted certificate on the computers that are inside the Trusted Zone.
There are two ways to define a Trusted Zone:
Any device inside the Trusted Network will be inside the Trusted Zone. This requires devices to be online and connected to the Server. You are able to set a list of allowed IP addresses that are permitted to be inside the Trusted Network.
If Trusted Network is turned off or blank then all valid IP addresses will be considered inside the Trusted Network, and thus the Trusted Zone.
Trusted Network uses the IP address of the computer as it reaches the SafeConsole server. Thus if traffic is routed through a VPN, then it will need to be the VPN's address that is allowed.
ZoneBuilder is a tool to create a “Trusted Zone” of computers that makes using your SafeConsole managed devices even more Simply Secure.
This policy has settings that are not compatible with the following devices:
All Devices - v4.8.19 and earlier
All Devices - v6.0
macOS Operating Systems - v6.x - (Automatic Device Unlock)
HOW TO CREATE A TRUSTED ZONE
- Allowlist the computer IP address in SafeConsole.
- Plug in your SafeConsole Ready storage device and enter the device password.
- Your computer has been registered into your Trusted Zone!
WITHIN YOUR TRUSTED ZONE YOU CAN
- RESTRICT device access to computers inside your Trusted Zone.
- AUTO-UNLOCK your storage device eliminating the need to enter your password. It makes sharing files within your Trusted Zone quick and easy. This feature uses RSA client certificates for authentication.
USE CASE: DLP SOLUTION
Prevent your team from copying sensitive data from your Trusted Zone to an unknown computer.
The device owner does not have to share the device password when sharing files with other members within the Trusted Zone.
USE CASE EXAMPLE:
You only want to allow SafeConsole Ready Devices to be used on company provided workstations.
- Allow your company's public IP (Cloud) or Private IP range (On-Prem) inside the Trusted Network policy.
- Enable ZoneBuilder, And the Option to "Only allow device usage on computers linked within your Trusted Zone"
When your users unlock their device once inside your network they will be able to use their device offline and at home on their company computer.
Additional knowledgebase resources: