Appgate Software-Defined Perimeter (SDP) is a Department of Defense (DoD)-approved authentication service. This Zero Trust solution provides secure access to DoD networks and associated data. Managed by the Platform One (P1) Cloud Native Access Point (CNAP) team, Appgate SDP provides a range of network security protections, including:
- Denying implicit trust to a single user, device, or application.
- Enforcing a verify-then-trust security approach to network access.
- Promoting least privilege by providing access to network resources only as needed.
P1 SSO also helps authenticate and authorize DoD network users. While you can browse IL2 (example: https://code.il2.dso.mil) without Appgate SDP access, in some cases you must use Appgate SDP to enter IL4+ environments such as https://code.il4.dso.mil. More specifically, the DoD uses the Non-Classified Internet Protocol Router Network (NIPRNet) to manage unclassified information. If you use NIPRNet or a NIPRNet VPN (such as Air Force Desktop Anywhere), you can access IL4 and IL5 without using Appgate SDP. If you do not use NIPRNet or a NIPRNet VPN, DoD's P1 team requires that you use Appgate SDP, because you cannot access IL4 or IL5 without one of these options.
As a customer, it is critical to understand that CNAP allows secure access to Game Warden-hosted solutions at IL4 and IL5. As a reminder, P1 CNAP manages Appgate.
The implementation of Appgate and Palo Alto firewalls provides DoD-approved solutions that meet security controls, as referenced in sections 5.10.1.x of the Cloud Computing Security Requirements Guide (Version 1, Release 4).
For additional information, read Cloud Native Access Point.
To install and run Appgate SDP:
- Download a Multi-factor Authentication (MFA) application.
- Create a P1 SSO account.
- Configure Government Access Card with P1 SSO Account.
- Download Appgate SDP for Windows, macOS, or Linux PCs at Appgate SDP Client Download.
- Install Appgate SDP on your PC, following the on-screen prompts.
- During the installation process, select Use Profile Link in the Create Profile window, then copy the following link into the Profile Link field. Hover over the end of the profile text below to access the Copy to clipboard function, which lets you copy the text from this location and paste it into the Profile Link field during Appgate SDP installation.
This P1 CNAP profile link downloads all required settings and allows access to the P1 Login page.
- Click Submit to finalize the new profile addition.
- Click Connect to Appgate SDP in the Profile Created window.
Your browser opens the P1 Login page.
- Log in with your CAC/ECA, or enter your P1 login credentials and then click MFA log in.
- Enter the MFA verification code, if necessary.
- Click Accept after reading and approving the conditions for use of a US Government (USG) Information System (IS).
Appgate installation and P1 access are complete.
- Close the P1 window and access the now open and active Appgate SDP session, which displays your accessible environments.
- Navigate to the environments you prefer.
- Exit Appgate SDP by clicking Sign Out or Quit from the Options menu, designated by three vertical dots at the top right of the session.
- Click Sign Out.
You are signed out of Appgate SDP. The session becomes inactive but remains visible.
- Click Quit.
The Appgate SDP session closes and becomes hidden.
- Click Sign Out.
- Re-open Appgate SDP at any time by clicking Sign in with Provider, which launches the P1 Login page.
Customers who do not access IL4+ via NIPRNet or a NIPRNet VPN (such as Air Force Desktop Anywhere) must use Appgate SDP to access these environments. During this access, Appgate SDP must remain open and active.