Learn about the main features and components of ETP.
A location is a public IP address or a named collection of public IP addresses that belong to a region or geographic area in your network, such as a CIDR block for an office branch or your company headquarters. For more on locations, see About locations.
A policy is a group of settings that define how ETP handles known or suspected threat events and access control events. It’s also where you enable or configure other important features of ETP. For more on policies, see About policies.
ETP allows you to create two broad categories of lists: block lists and exception lists. For more on lists, see About lists.
An identity provider (IdP) is a service that creates, manages, and saves user identity information. With an IdP, you can enable authentication, and configure the users and groups who can access websites, web applications, specific file types, and sensitive data. For more on IdP, see About identity providers.
ETP Client is a client agent that directs DNS and web traffic to ETP for analysis. For more on ETP client, see About ETP Client.
Enterprise Security Connector is a virtual machine (VM) you deploy in your network to act as one of the following:
- an internal DNS resolver that forwards traffic to ETP.
- a DNS sinkhole that receives malicious or suspicious traffic.
- an HTTP forwarder that forwards web traffic to ETP Proxy.
For more on Security Connector, see About Security Connector.
The Secure Web Gateway (SWG) is the full web proxy configuration of ETP Proxy. SWG performs URL filtering, anti-malware scanning, and applies acceptable use policies to each user. For more on SWG, see Full web proxy.
You can define the websites, web applications, file types, and sensitive data that your users are allowed to access. For more on access control, see Configure access control.
Use the Dashboard to apply interactive widgets that allow you to view and track network traffic, events, and other activity across your organization. For details, see Dashboard.
Roles include permissions that let you act on objects in Control Center. These roles are available for ETP. Contact your Control Center administrator to assign one of these roles:
Can perform all operations, view all reports, and see all reporting data in ETP.
A delegated administrator can:
If the delegated access feature is enabled, an ETP administrator can assign the delegated administrator role to a user.
A delegated administrator cannot change the IP addresses or CIDR blocks that are configured to an assigned sub-location.
Strict Delegated Administrator
A strict delegated administrator can:
If the tenant access feature is enabled, an ETP administrator can assign this role to a user. For more information, see Assign a strict delegated administrator role.
Tenant Administrator (for Multi-tenancy feature)
Can perform all operations, view all reports, and data associated with their tenant.
A user must have this role to manage a tenant. When you assign a user to a tenant, they are automatically assigned this role. For more information, see Multi-tenancy.
Can view reports and reporting data in ETP. A report viewer cannot view configuration settings.
By default, a report viewer cannot see the DNS Activity, Summary of Proxy Activity, Proxy Activity, and Identity Provider Activity reports. The etpRestrictedPageViewRole permission is required to view these reports.
Has read-only privileges. A viewer can view report data and configuration settings.
By default, a viewer cannot see the DNS Activity, Summary of Proxy Activity, Proxy Activity, and Identity Provider Activity reports. The etpRestrictedPageViewRole permission is required to view these reports.
Grants access to the DNS Activity, Proxy Activity, Summary of Proxy Activity, and Identity Provider Activity reports. This is a permission that your Control Center administrator can assign to any ETP role. Unlike other permissions in ETP, this permission cannot be the only one assigned to an ETP user. For example, your Control Center administrator cannot create a role that only has this permission assigned. If you want a Report Viewer to also see these reports, make sure your administrator assigns this additional permission to the user.
Updated about 22 hours ago