Learn about ETP

Learn about the main features and components of ETP.

Locations

A location is a public IP address or a named collection of public IP addresses that belong to a region or geographic area in your network, such as a CIDR block for an office branch or your company headquarters. For more on locations, see About locations.

Policies

A policy is a group of settings that define how ETP handles known or suspected threat events and access control events. It’s also where you enable or configure other important features of ETP. For more on policies, see About policies.

Lists

ETP allows you to create two broad categories of lists: block lists and exception lists. For more on lists, see About lists.

Identity providers

An identity provider (IdP) is a service that creates, manages, and saves user identity information. With an IdP, you can enable authentication, and configure the users and groups who can access websites, web applications, specific file types, and sensitive data. For more on IdP, see About identity providers.

ETP Client

ETP Client is a client agent that directs DNS and web traffic to ETP for analysis. For more on ETP client, see About ETP Client.

Enterprise Security Connector

Enterprise Security Connector is a virtual machine (VM) you deploy in your network to act as one of the following:

  • an internal DNS resolver that forwards traffic to ETP.
  • a DNS sinkhole that receives malicious or suspicious traffic.
  • an HTTP forwarder that forwards web traffic to ETP Proxy.

For more on Security Connector, see About Security Connector.

ETP Secure Web Gateway

The Secure Web Gateway (SWG) is the full web proxy configuration of ETP Proxy. SWG performs URL filtering, anti-malware scanning, and applies acceptable use policies to each user. For more on SWG, see Full web proxy.

Access Control

You can define the websites, web applications, file types, and sensitive data that your users are allowed to access. For more on access control, see Configure access control.

Dashboard

Use the Dashboard to apply interactive widgets that allow you to view and track network traffic, events, and other activity across your organization. For details, see Dashboard.

Reports

View data on events and network activity. You can also schedule a daily or weekly report to show alerts, events, or other data. For more information, see Events, Activity, and Scheduled reports.

Roles

Roles include permissions that let you act on objects in ​Control Center​. These roles are available for ETP. Contact your ​Control Center​ administrator to assign one of these roles:

Role

Permission

Description

Super Administrator

etpAdmin

Can perform all operations, view all reports, and see all reporting data in ETP.

Delegated Administrator

etpDelegatedAdmin

A delegated administrator can:

  • Create locations, sub-locations, policies, and custom lists.
  • Manage assigned locations, sub-locations, policies, and custom lists.
    A delegated administrator cannot change the IP addresses or CIDR blocks that are configured to an assigned sub-location.
  • View locations, sub-locations, policies, and custom lists created by other administrators.
  • Deploy assigned locations, sub-locations, policies, and custom lists, as well as locations, sub-locations, policies, and custom lists they created.
For more information, see [Delegated access](doc:delegated-tenant-access#delegated-access).

If the delegated access feature is enabled in ETP, a super administrator can assign the delegated administrator role to an ETP user.

For more information, see Assign a delegated administrator role.

Strict Delegated Administrator

etpStrictDelegatedAdmin

A strict delegated administrator can:

  • Create locations, sub-locations, policies, and custom lists.
  • Manage assigned locations, sub-locations, policies, and custom lists.
    A strict delegated administrator cannot change the IP addresses or CIDR blocks that are configured to an assigned sub-location.sub-location.
  • Deploy assigned locations, sub-locations, policies, and custom lists, as well as locations, sub-locations, policies, and custom lists they created.
For more information, see [Tenant access](doc:delegated-tenant-access#tenant-access).

If the tenant access feature is enabled in ETP, a super administrator can assign this role to an ETP user. For more information, see Assign a strict delegated administrator role.

Tenant Administrator (for Multi-tenancy feature)

etpTenantAdmin

Can perform all operations, view all reports, and data associated with their tenant.

A user must have this role to manage a tenant. When you assign a user to a tenant, they are automatically assigned this role. For more information, see Multi-tenancy.

Report Viewer

etpReportViewer

Can view reports and reporting data in ETP. A report viewer cannot view configuration settings.

By default, a report viewer cannot see the DNS Activity, Summary of Proxy Activity, Proxy Activity, and Identity Provider Activity reports. The etpRestrictedPageViewRole permission is required to view these reports.

Viewer

etpViewer

Has read-only privileges. A viewer can view report data and configuration settings.

By default, a viewer cannot see the DNS Activity, Summary of Proxy Activity, Proxy Activity, and Identity Provider Activity reports. The etpRestrictedPageViewRole permission is required to view these reports.

etpRestrictedPageViewRole

Grants access to the DNS Activity, Proxy Activity, Summary of Proxy Activity, and Identity Provider Activity reports. This is a permission that your Control Center administrator can assign to any ETP role. Unlike other permissions in ETP, this permission cannot be the only one assigned to an ETP user. For example, your Control Center administrator cannot create a role that only has this permission assigned. If you want a Report Viewer to also see these reports, make sure your administrator assigns this additional permission to the user.


Did this page help you?