Lookout Product Documentation

Define Private Environment

You must configure the private data center or private cloud environment as a resource location in the Management Console, and each location requires a unique environment configuration.

  1. In the Management Console, select Administration > Environment Management.
  2. Click New.
  3. Enter an Environment Name that uses:
    • Only alphanumeric characters.
    • Underscores instead of spaces.
  4. (Optional) Enter a Description.
  5. In the IP Addresses field, enter one or more valid IPv4 addresses for the connection:
    • You must add the public or egress IP address of the AWS EC2 instance where you plan to deploy the Secure Private Access connector using the Amazon Machine Image (AMI). Once you add the IP addresses, we accept the traffic that comes from those IP addresses. We do not recommend entering CIDR ranges.
    • When you have multiple connectors, add the IP addresses for all connectors to ensure that the cloud service only responds to communication from the correct AWS EC2 instance on which you deployed the SPA connector.
    • The IP address for the node must be public. When a node connects to the Node Manager, the Node Manager validates the node’s IP address against what you configured in the environment. When the node connects, the Node Manager recognizes the node’s public IP address, not the private address.
    • To determine the public IP address for the connector machine, run this command:

      curl https://ifconfig.me/
  6. Click Next.
  7. In the Connector Settings section, select the Protocols and Cipher Suites values.
    Note: Contact the Lookout Support team if you want to change the default settings.

  8. In the User Remediation for Invalid Certificates prompt, select one of these options:
    • Self Remediate: Select when you want the Secure Private Access service to accept self-signed certificates for your enterprise web apps.
    • Deny: Select to deny an invalid certificate.
    • Warn: Select to send a warning message from a preconfigured template.
  9. Enable the ZTNA toggle.
  10. Enable the Enable Network Level Access toggle only when using the Lookout client and you want to configure network-level access.
  11. In the DNS Server IP field, enter the network where the private applications run.
    This enables the client to resolve Secure Private Access domains.
  12. Enter the DNS Suffix.
  13. In the Configured IP Networks prompt, select a configured network category and click Apply.
  14. Click Next.
  15. Enable the Override Log Configuration toggle to update the default log configuration settings, or click Save to skip this step.
    You can update these settings at any time after you create the environment:
    Log Level: The type of content and level of detail included in logs:

    • Warn: Includes errors or warnings of actual or possible problems.
    • Info: Includes informational text about system processes and status, along with warnings and errors.
    • Debug: Includes all informational text, warnings, errors, and more detailed information about system conditions. This information can aid you when diagnosing and troubleshooting system issues.
    • Trace: The most detailed level of information. Developers can use this information to focus on a precise area of the system.

    Number Of Log Files: The maximum number of files that can be maintained for debugging. When you reach this number, we delete the oldest log file.
    Log File Max Size: The maximum size in MB for each log file.
  16. Click Save.
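
The checks in steps 3 and 5 can be run on your values before you enter them in the Management Console. This is an added example, not Lookout code: the function names are hypothetical, the name rule is read as "letters, digits, and underscores", and the console's own validation may differ.

```python
import ipaddress
import re

# Step 3 (as read here): alphanumeric characters, underscores in place of spaces.
NAME_RE = re.compile(r"[A-Za-z0-9_]+")

def check_environment_name(name):
    """Return a list of problems with the Environment Name (empty if OK)."""
    if NAME_RE.fullmatch(name):
        return []
    return [f"name {name!r}: use only alphanumeric characters and underscores"]

def check_connector_ips(entries):
    """Return a list of problems with the IP Addresses field (empty if OK)."""
    problems = []
    for raw in entries:
        entry = raw.strip()
        if "/" in entry:
            # Step 5 advises against CIDR: a range admits hosts that are not connectors.
            problems.append(f"{entry}: CIDR range, list each connector address instead")
            continue
        try:
            addr = ipaddress.ip_address(entry)
        except ValueError:
            problems.append(f"{entry}: not a valid IP address")
            continue
        if addr.version != 4:
            problems.append(f"{entry}: not IPv4")
        elif not addr.is_global:
            # The Node Manager sees the node's public address, so a private,
            # loopback, or otherwise non-routable entry can never match.
            problems.append(f"{entry}: not a public address")
    return problems

if __name__ == "__main__":
    # Constructed sample input; 8.8.8.8 and 1.1.1.1 stand in for connector egress IPs.
    sample = ["8.8.8.8", "10.0.1.15", "1.1.1.0/24", "1.1.1.1", "2001:4860:4860::8888"]
    for line in check_environment_name("aws prod") + check_connector_ips(sample):
        print(line)
```

An empty result from both functions means the values satisfy the rules stated in steps 3 and 5; it does not confirm that an address is the egress address the connector actually uses, which the curl command in step 5 reports.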