Security zones

Relevant for AppViz administrators

Security zone configurations in AppViz define the zones used to group objects in application diagrams.

By default, AppViz uses system zones (as defined below). When custom risk profile spreadsheets exist in AFA, AppViz additionally uses the zone definitions in the first profile in the alphabetically ordered list.

Define security zones

  1. Navigate to the Administration area.

    • Hover over the SETTINGS icon at the bottom left of the screen. After the panel expands, click ADMINISTRATION.

    • In the toolbar, click your username. From the drop-down menu, click ADMINISTRATION.

    The Administration area appears in the workspace.



  2. Click the CUSTOMIZATION tab.

  3. In the Security Zones area, do one or both of the following:

    Select a custom risk profile spreadsheet in the drop-down menu.

    Application diagrams will define zones according to the definitions in the spreadsheet. All spreadsheets defined in AFA appear.

    Select / deselect the Show System Zones check box.

    Application diagrams will define zones according to system zones, including PCI, internal, and external.

    • The PCI zone will appear according to its definition in AFA. For more details, see Customize the regulatory compliance report.
    • The private (internal) zone is defined as 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16 by default. To edit the private zone, see Configure the Internal zone.
    • The external zone is defined as all IP addresses not included in another zone.

    Configure the Internal zone

    By default, AppViz defines the Internal / Private zone as 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16. You can customize this.

    Note:

    In SaaS deployments, AppViz advanced configuration properties are managed by the AppViz Advanced Configuration APIs.

    In on-prem deployments, AppViz advanced configuration properties are managed by the user.properties file on the AppViz server.

    To configure the Internal zone | SaaS

    Do the following:

    1. Use the Modify an advanced configuration property endpoint.

    2. Set request body as follows:

      For example, the following sets the internal zone to 172.16.0.0/12 and 192.168.0.0/16:

      {
          "key": "security_zones.default_internal_network_ranges",
          "value": "172.16.0.0/12;192.168.0.0/16"
      }

    To configure the Internal zone | on-prem

    Do the following:

    1. Open a terminal and log in using the username "bflow" and the related password.
    2. Open /home/bflow/config/user.properties.
    3. On a new line, add the configuration item security_zones.default_internal_network_ranges.
    4. Set the value to a semi-colon delimited list of networks in CIDR format.

      For example, the following sets the internal zone to 172.16.0.0/12 and 192.168.0.0/16:

      security_zones.default_internal_network_ranges=172.16.0.0/12;192.168.0.0/16

    5. Save the file.
    6. Restart AppViz.
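
A pre-flight check for the value used in both procedures above, as an added example that is not part of the product or its documentation. It validates the semicolon-delimited CIDR list, warns about entries outside the default private ranges (which would no longer be treated as external), and renders the user.properties line or the request body. The function names are hypothetical, and rejecting whitespace and host bits is this example's assumption, not documented AppViz behavior.

```python
import ipaddress
import json

KEY = "security_zones.default_internal_network_ranges"  # property name from the page
# The default Internal zone ranges listed on the page.
DEFAULTS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def check_internal_ranges(value):
    """Parse a semicolon-delimited CIDR list; return (networks, errors, warnings)."""
    networks, errors, warnings = [], [], []
    for raw in value.split(";"):
        if not raw.strip():
            errors.append("empty entry (stray or trailing ';')")
            continue
        if any(ch.isspace() for ch in raw):
            errors.append(f"whitespace in entry {raw!r}")
            continue
        try:
            # strict=True rejects host bits, e.g. 172.16.5.0/12 (assumed policy)
            net = ipaddress.ip_network(raw, strict=True)
        except ValueError as exc:
            errors.append(f"{raw!r}: {exc}")
            continue
        if any(net.version == s.version and net.overlaps(s) for s in networks):
            warnings.append(f"{net} overlaps an earlier entry")
        if not any(net.version == d.version and net.subnet_of(d) for d in DEFAULTS):
            # Addresses added here stop being classified as external.
            warnings.append(f"{net} is outside the default private ranges")
        networks.append(net)
    return networks, errors, warnings

def joined(networks):
    return ";".join(str(n) for n in networks)

def properties_line(networks):
    """Line for user.properties (on-prem procedure)."""
    return f"{KEY}={joined(networks)}"

def request_body(networks):
    """JSON request body (SaaS procedure)."""
    return json.dumps({"key": KEY, "value": joined(networks)}, indent=4)

if __name__ == "__main__":
    # Constructed inputs: the page's example, then a value with typical mistakes.
    for sample in ("172.16.0.0/12;192.168.0.0/16", "172.16.0.0/ 12;0.0.0.0/0;10.1.0.0/8"):
        nets, errs, warns = check_internal_ranges(sample)
        print(sample, "->", errs or properties_line(nets), warns)
```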