For an introduction to Namespaces, please check this page.
There are different ways to navigate between namespaces, but the common ways are:
You can access the namespace navigation bar at any time, from any page, and use it to search for a specific namespace, move to a parent level, pin a namespace, or copy the namespace hierarchy for automation purposes.
Once you open the Namespace Selector, you can:
- Find a specific cloud account namespace by clicking on Cloud Account Namespaces
- Search for a specific namespace by clicking on Search All Namespaces
- Pin a specific namespace by clicking on the pin icon
- Easily find all saved namespaces by clicking on Saved Namespaces
Selecting the Namespaces section in the Microsegmentation Console takes you to the Namespaces Directory.
You can use the search bar to find a specific namespace, or to find namespaces that have a specific setting (like Allow as Default Action).
To edit a Namespace configuration, click on the Settings tab of the namespace you’re interested in.
The following settings are available for editing.
If you want to make sure that new Enforcers on a Namespace will always be installed at a specific version, you can define this using this option.
Default is empty (latest).
Tag prefixes define what tags are associated with Processing Units and can be leveraged to create Rulesets.
You can add custom tag prefixes to allow usage of custom tags on rulesets.
Tag prefixes are always inherited from parent to child namespaces.
Implicit Defaults define the default action for a given namespace.
Options are:
- Inherit - Use the action defined on a parent level
- Allow - If no explicit ruleset denies a given flow, it will be allowed.
- Reject - If no explicit ruleset allows a given flow, it will be rejected.
Authorizations allow users to control how external resources can interact with a namespace in a programmatic manner and how Enforcers will register themselves to the Namespace.
An API Authorization implements an ABAC control to restrict actions that external resources can have upon the namespace.
To configure an API Authorization, navigate to Namespaces/Authorization, click on the + sign and select Create an API Authorization.
This will open the API Authorization Wizard that will guide you on how to create the API Authorization.
- Step 1 - Add a name and description to the API Authorization and if you don’t want to propagate it, enable the Hide Policy button
- Step 2 - Under Subject, leave the conditions as-is and define the target Namespaces that you want to match in the scope.
- Step 3 - Under Authorizations, select the permissions you want to add to this Authorization.

Tip: For more information about User Roles, click here.
Cloud AutoRegistration allows Enforcers deployed on public cloud environments (AWS, Azure, GCP) to authenticate themselves to the Microsegmentation console using cloud provider tokens.
Enforcers also use this token to extract the cloud provider metadata and add it to a Processing Unit.
To configure a cloud auto-registration policy, navigate to Namespaces/Authorization, click on the + sign and select Create a cloud auto-registration policy.
Additional details on how to configure a cloud auto-registration policy are covered in the Install Enforcers chapter.
To create a namespace using apoctl, use the command below:
```bash
apoctl api create namespace \
  --namespace /859809532107743232/lab-cloud-account \
  -d '{
    "type": "Group",
    "defaultPUIncomingTrafficAction": "Allow",
    "defaultPUOutgoingTrafficAction": "Allow",
    "name": "sample-app"
  }'
```
where /859809532107743232/lab-cloud-account represents the parent namespace of the namespace that is going to be created (in this case, sample-app).
The namespace information needs to be modified to match yours.
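
Because Inherit defers to the parent level, a namespace's effective default action can be Allow without that being visible in its own settings. The following added example (not part of the original page or the product's own tooling) resolves the effective action up the hierarchy and lists every namespace that ends up at Allow. The settings are constructed sample data; it assumes the `defaultPU*TrafficAction` fields shown above accept the same three option names the console lists, and that a missing field behaves like Inherit.

```python
IN, OUT = "defaultPUIncomingTrafficAction", "defaultPUOutgoingTrafficAction"

# Constructed sample: full namespace path -> default-action settings.
# Not captured from a real console; values assumed to be Inherit/Allow/Reject.
SAMPLE = {
    "/859809532107743232": {IN: "Reject", OUT: "Allow"},
    "/859809532107743232/lab-cloud-account": {IN: "Inherit", OUT: "Inherit"},
    "/859809532107743232/lab-cloud-account/sample-app": {IN: "Allow", OUT: "Inherit"},
}


def parent_of(path):
    """Return the parent namespace path, or None for a top-level namespace."""
    head = path.rstrip("/").rsplit("/", 1)[0]
    return head or None


def effective_action(namespaces, path, field):
    """Walk up the hierarchy until a namespace sets Allow or Reject explicitly."""
    while path is not None:
        # Assumption: an unlisted namespace or missing field is treated as Inherit.
        value = namespaces.get(path, {}).get(field, "Inherit")
        if value != "Inherit":
            return value
        path = parent_of(path)
    return "Unresolved"  # no ancestor in the supplied data sets an explicit action


def audit(namespaces):
    """Return (namespace, field, source) for every effective default of Allow."""
    findings = []
    for path in sorted(namespaces):
        for field in (IN, OUT):
            if effective_action(namespaces, path, field) == "Allow":
                own = namespaces[path].get(field, "Inherit")
                source = "explicit" if own == "Allow" else "inherited"
                findings.append((path, field, source))
    return findings


if __name__ == "__main__":
    for path, field, source in audit(SAMPLE):
        print(f"{path}: {field} is Allow ({source})")
```
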