Add documentation for SASE OpsLab whitelisting solution #137
Conversation
Document the problem, motivation, business opportunity, detailed use cases, and product behavior for SASE OpsLab's dynamic whitelisting solution.
There was a problem hiding this comment.
Pull request overview
This PR introduces comprehensive documentation for SASE OpsLab's dynamic whitelisting solution, addressing a critical security challenge in SASE deployments where customers need to whitelist only actively-used PoP IPs rather than broad vendor-provided IP ranges.
Key Changes:
- Documents the problem statement, motivation, and business opportunity for the whitelisting solution
- Defines detailed use cases for security managers/architects and managed SASE provider operators
- Outlines the product behavior for automated IP address management and firewall rule deployment
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| The OpsLab stores the complete list of IP addresses (IPv4 and/or IPv6) associated with the customer’s assigned POPs. | ||
| ##Rule Generation and Deployment: | ||
| Based on the maintained list, the OpsKit generates or updates firewall rules to whitelist only these IPs. These rules are pushed and enforced across all customer-associated edge devices (e.g., CPE, uCPE, vCPE). |
There was a problem hiding this comment.
Incomplete section. The "Product Behavior" section describes storing IP addresses and rule generation/deployment, but lacks details about the OpsKit mentioned in line 31. Consider adding a subsection or introductory paragraph explaining the OpsLab/OpsKit relationship and their respective roles before diving into specific behaviors.
| - Allow for policy consistency and auditability across legacy and virtualized firewalls from different vendors. | ||
| By integrating SASE OpsLab into the deployment process, enterprises can accelerate SASE rollouts, reduce misconfiguration risk, and maintain strict security standards without overwhelming their operational teams. | ||
|
|
||
| #Detailed Use Cases (per personas) |
There was a problem hiding this comment.
Inconsistent heading formatting. Headers should have a space after the # symbol for proper Markdown formatting. Change #Detailed Use Cases (per personas) to # Detailed Use Cases (per personas).
| #Detailed Use Cases (per personas) | |
| # Detailed Use Cases (per personas) |
| Sebastian receives repeated requests to configure access only to the specific IPs of the PoPs actually used by its customer’s users. He must manually configure numerous NGFW which is cumbersome and time consuming. He may have created scripts but those are not productized nor dynamic. | ||
| Sebastian uses SASE OpsLab as an automation and orchestration layer to simplify and secure this process. The SASE OpsLab queries the SSE vendor APIs to determine which PoPs are actively used by each customer/site. It then pushes the necessary firewall rules to the appropriate customer edge devices. | ||
|
|
||
| #Product Behavior |
There was a problem hiding this comment.
Inconsistent heading formatting. Headers should have a space after the # symbol for proper Markdown formatting. Change #Product Behavior to # Product Behavior.
| #Product Behavior | |
| # Product Behavior |
|
|
||
| #Product Behavior | ||
| The OpsLab stores the complete list of IP addresses (IPv4 and/or IPv6) associated with the customer’s assigned POPs. | ||
| ##Rule Generation and Deployment: |
There was a problem hiding this comment.
Inconsistent heading formatting. Headers should have a space after the # symbols for proper Markdown formatting. Change ##Rule Generation and Deployment: to ## Rule Generation and Deployment: (also note the colon at the end, which is inconsistent with other headings and should be removed for consistency).
| ##Rule Generation and Deployment: | |
| ## Rule Generation and Deployment |
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 1 out of 1 changed files in this pull request and generated no new comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Document the problem, motivation, business opportunity, detailed use cases, and product behavior for SASE OpsLab's dynamic whitelisting solution.