Introduction to SureAccess
SureAccess is a secure Zero Trust Network Access (ZTNA) solution that ensures seamless and controlled connectivity to internal resources for Windows, macOS/iOS, and Android devices. By enforcing organization-defined access policies, SureAccess provides a robust mechanism to secure network traffic while allowing flexibility for IT administrators to configure access based on device type and enterprise needs.
Follow the steps below for detailed instructions on setting up and configuring SureAccess to enable ZTNA functionality within your organization:
“SureAccess” requires an add-on license subscription and is available for Premium and Enterprise tiers. Contact our sales team at sales@42gears.com for licensing inquiries or trial licenses.
Step 1: Enable and Configure SureAccess Settings
Navigate to Account Settings > Enterprise Integrations > SureAccess.
Check Enable SureAccess to activate the VPN functionality.
Enter following Configuration Details:
- Enrollment PSK: This field will be auto-generated once the initial configuration is made. This key will be used during the installation of the SureAccess Gateway.
- Approx BE Gateways: Specify the approximate number of Back-End (BE) gateways. The default value is 2.
- Internal DNS Server: Enter the address of the internal DNS server. Multiple values can be entered.
- Allowed FQDN List: List the Fully Qualified Domain Names (FQDNs) allowed to access the VPN.
- Allowed CIDR List: Specify the Classless Inter-Domain Routing (CIDR) ranges allowed to access the VPN.
- Click Save to apply these settings.
After a few minutes, the Status column in the Node Details tab will update to Running, indicating that the Front-End (FE) nodes have started successfully.
For steps on how to Configure SureAccess Gateway, click here
Step 2: Configure and Apply SureAccess Profile to Devices
- This feature is supported only for Android devices with SureMDM Agent version >= 27.35.35.
- This feature is supported only for Windows devices with SureMDM Agent version >= 5.26.0.
- Navigate to Profiles.
- Go to Profiles and select the required platform. Then, perform the following actions based on the selected platform:
| Platform | Actions |
|---|---|
| Android | - Click New Profile - Click Google Play EMM API - Select Primary Profile and configure VPN |
| macOS | - Click New Profile, choose Device Enrollment and configure VPN. - Note: To enable automatic installation of SureAccess, the application must be added as a VPP app in the App Store on SureMDM Console. If it is not added as a VPP app, the admin will need to manually deploy the application to the target device. |
| iOS | - Click New Profile and configure VPN |
| Windows | - Click New Profile and configure VPN |
- Configure VPN:
- Select VPN payload and click Configure.
- Check Enable SureAccess:
- Allowed CIDR List: Specify the allowed CIDR ranges for VPN access.
- Allowed FQDN List: Specify the allowed FQDNs for VPN access.
- Allowed Applications List: Select the applications allowed to operate within the SureAccess VPN. Applications other than the specified applications will be blocked.
- Blocked Applications List: Select the applications blocked from operating within the SureAccess VPN. Applications other than the specified applications will be allowed.
- Save and Apply the Profile:
- Click Save to finalize the profile.
- Navigate to Home and select the desired device.
- Apply the SureAccess policy to the device.
- The SureAccess application will be installed and enabled on the device.
Your SureAccess VPN configuration is now complete and applied to the selected device(s). All traffic to the allowed FQDNs (Fully Qualified Domain Names) or CIDR (Classless Inter-Domain Routing) ranges will now be routed through the configured VPN.