search cancel

SSL Intercept and DNS Layers Supported in Tenant Policy


Article ID: 171195


Updated On:


ProxySG Software - SGOS


ProxySG introduces SSL Intercept and DNS Layers Supported in Tenant Policy.

Please reference the 6.7.3.x Release Notes which can be downloaded at 


SSL Intercept and DNS transactions now evaluate tenant determination policy in the landlord policy file. This allows <sslintercept> and <dns> layers to be defined and executed in tenant-specific policy. Previously, these layers were supported in the default tenant policy only.

What Is a Tenant and How Are Tenants Determined?

A tenant is an administrative entity with a unique instance of policy governing its traffic. The tenant policy that applies to a given request is determined by the multi-tenant criterion set in the CLI configuration or policy rules written in the Landlord policy file. To determine tenants using CLI, use the multi-tenant criterion command. This command accepts any substitution expression that refers only to properties of the connection. To determine tenants using the Landlord policy file, enter policy rules in the <Tenant> layer. <Tenant> layers are allowed only in the Landlord policy file. The <Tenant> layer supports only certain conditions.

See "Determine Tenants With Landlord Policy Rules" in the Multi-Tenant Policy Deployment Guide for more information.