Topic
This article discusses how to create your LAN topology and user access control using Zones as part of a ControlOne deployment.
Environment
- Cytracom ControlOne
Description
Quick start article index
- Create the Gateway
- Assign the Bridge
- Set up your new Site
- Connect your Site to the internet
- Set up your LAN
- Add users to ControlOne
- Connect the ControlOne Bridge hardware
Procedure
Your LAN and user access is managed through ControlOne Zones. These Zones function as security boundaries between your network segments.
Create a Site Zone
Site Zones separate your network devices, and connect them to the ControlOne Bridge.
1. In the Network Map, click the Add New button in the upper right-hand corner of the window, then select Zone from the drop-down menu.
Figure 1: Add New Zone options (click to enlarge)
2. The Create a Zone dialog box will open. Select Site Zone, then click Next.
Figure 2: New Site Zone creation (click to enlarge)
The new Site will appear in the View Zones section of the Network Map.
3. Enter the new zone's name. If you have more than one Gateway configured, select the Gateway from the drop-down menu.
- Select Auto IP to have ControlOne automatically generate a subnet for this Zone.
- Select Custom IP to enter a predetermined subnet address for this Zone. If you choose this option, be aware of the potential to overlap common home router subnets (such as 192.168.1.0).
When finished, click Create.
Figure 3: Zone setup options (click to enlarge)
The Zone will now show as connected to both the Gateway and the Bridge in the Network Map.
Connect the Site Zone
1. In the Network Map, hover over the Zone object, then click the blue circle that appears on the right-hand border. Select Connect to Site from the pop-up menu.
Figure 4: The Zone object in the Network Map (click to enlarge)
2. Fill out the following connection configuration fields:
- Select a site: Choose your Site's name from the drop-down menu.
- Select a port: The Site must connect to a LAN port. As a best practice, Cytracom recommends using Port 1, the port furthest from your default WAN port.
- Select a connection type: If your this subnet does not use VLANS, select Native. If this subnet uses VLANs, chose VLAN.
Figure 5: Zone configuration options (click to enlarge)
Create a User Zone
User Zones govern your users' access based on their identity (which is determined by their logins via the ControlOne Agent) Users will be granted access based on the policies assigned to this User Zone.
1. In the Network Map, click the Add New button in the upper right-hand corner of the window, then select Zone from the drop-down menu.
2. The Create a Zone dialog box will open. Select User Zone, then click Next.
Figure 6: New User Zone creation (click to enlarge)
Fill out the following connection configuration fields:
- Name: Name your user zone.
- Gateway: Select the gateway you created at the beginning of this deployment from the drop-down menu.
-
Network: This option determines the subnet for your user zone.
- Select Auto IP to have ControlOne automatically generate a subnet for this Zone.
- Select Custom IP to enter a predetermined subnet address for this Zone. If you choose this option, be aware of the potential to overlap common home router subnets (such as 192.168.1.0).
- Users: Select the users for this Zone from the drop-down menu. See Adding Users for more information on how to add users to ControlOne.
- Microsoft Entra ID Groups: Add any created Microsoft Entra ID (formerly Azure Active Directory) groups using this drop-down menu.
Figure 7: User Zone configuration options (click to enlarge)
Next Step: Assign users to ControlOne →
←Previous Step: Connect your Site to the internet
Still have questions? Click here to learn how to contact Cytracom Technical Support or open a ticket.