Stay organized with collectionsSave and categorize content based on your preferences.
Monitoring mesh security
TheGKE Enterprise Security dashboardprovides an at-a-glance view of your applications' current security features as
well as a more detailed policy audit view to show you where you can add or
enable features to make your application workloads more secure.
This page describes how to use the GKE Enterprise security dashboard to
monitor Cloud Service Mesh features.
Monitoring authorization policies
To view status of authorization policies on the GKE Enterprise security
dashboard, go to the Security page in the Google Cloud console.
In theAccess controlcard, clickService access controlto view a
per-cluster rundown.
This window lists every cluster in your project, their location, and whether
or not authorization policies are in effect. If policies are in effect, you
can also view the policy details and the number of blocked service requests.
If none of your clusters have an authorization policy, seeAuthorization policy overviewfor more information.
If any of your clusters have a policy in effect, clickPolicy detailsto
view specific details on the Policy audit page.
This page displays the Workloads running in a single cluster, including the
name, namespace, and service access control status. You can select another
cluster from the cluster drop-down menu or filter Workloads by selecting a
namespace from the namespace drop-down menu.
In theService access controlscolumn, clickEnabledto view the
authorization policy for a specific Workload.
This page displays the authorization policy's name, scope, and creation date.
You can also view the entire authorization policy YAML by clicking the down
arrow icon or anywhere on the row.
Monitoring mTLS policies
To view the status of mTLS policies on the GKE Enterprise security
dashboard, go to the Security page in the Google Cloud console.
In theAuthenticationcard, clickmutual TLS (mTLS)to view a
per-cluster rundown.
This window lists every cluster in your project, their location, and whether
or not mTLS is enabled. If mTLS is enabled, you can also view the policy
details.
If none of your clusters have mTLS enabled, seeConfiguring mTLS.
If any of your clusters have mTLS enabled, clickPolicy detailsto view
specific details on the Policy audit page.
This page displays the Workloads running in a single cluster, including the
name, namespace, and mTLS details. You can select another cluster from the
cluster drop-down menu or filter Workloads by selecting a namespace from the
namespace drop-down menu.
In themTLS detailscolumn, clickStrict,Permissive, orDisabledto view the mTLS details for a specific Workload.
This page displays the name, scope, mode, and creation date. You can also
view the entire mTLS YAML by clicking the down arrow icon or anywhere on the
row.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-04 UTC."],[],[],null,["# Monitoring mesh security\n========================\n\nThe [GKE Enterprise Security dashboard](/anthos/docs/concepts/security-monitoring)\nprovides an at-a-glance view of your applications' current security features as\nwell as a more detailed policy audit view to show you where you can add or\nenable features to make your application workloads more secure.\n\nThis page describes how to use the GKE Enterprise security dashboard to\nmonitor Cloud Service Mesh features.\n\nMonitoring authorization policies\n---------------------------------\n\n1. To view status of authorization policies on the GKE Enterprise security\n dashboard, go to the Security page in the Google Cloud console.\n\n [Go to GKE Enterprise Security](https://console.cloud.google.com/anthos/security/policy-summary)\n2. In the **Access control** card, click **Service access control** to view a\n per-cluster rundown.\n\n This window lists every cluster in your project, their location, and whether\n or not authorization policies are in effect. If policies are in effect, you\n can also view the policy details and the number of blocked service requests.\n If none of your clusters have an authorization policy, see\n [Authorization policy overview](/service-mesh/docs/security/authorization-policy-overview)\n for more information.\n3. If any of your clusters have a policy in effect, click **Policy details** to\n view specific details on the Policy audit page.\n\n This page displays the Workloads running in a single cluster, including the\n name, namespace, and service access control status. You can select another\n cluster from the cluster drop-down menu or filter Workloads by selecting a\n namespace from the namespace drop-down menu.\n4. In the **Service access controls** column, click **Enabled** to view the\n authorization policy for a specific Workload.\n\n This page displays the authorization policy's name, scope, and creation date.\n You can also view the entire authorization policy YAML by clicking the down\n arrow icon or anywhere on the row.\n\nMonitoring mTLS policies\n------------------------\n\n1. To view the status of mTLS policies on the GKE Enterprise security\n dashboard, go to the Security page in the Google Cloud console.\n\n [Go to GKE Enterprise Security](https://console.cloud.google.com/anthos/security/policy-summary)\n2. In the **Authentication** card, click **mutual TLS (mTLS)** to view a\n per-cluster rundown.\n\n This window lists every cluster in your project, their location, and whether\n or not mTLS is enabled. If mTLS is enabled, you can also view the policy\n details.\n\n If none of your clusters have mTLS enabled, see\n [Configuring mTLS](/service-mesh/docs/security/configuring-mtls).\n3. If any of your clusters have mTLS enabled, click **Policy details** to view\n specific details on the Policy audit page.\n\n This page displays the Workloads running in a single cluster, including the\n name, namespace, and mTLS details. You can select another cluster from the\n cluster drop-down menu or filter Workloads by selecting a namespace from the\n namespace drop-down menu.\n4. In the **mTLS details** column, click **Strict** , **Permissive** , or\n **Disabled** to view the mTLS details for a specific Workload.\n\n This page displays the name, scope, mode, and creation date. You can also\n view the entire mTLS YAML by clicking the down arrow icon or anywhere on the\n row.\n\nWhat's next\n-----------\n\n- [Learn more about security in Cloud Service Mesh](/service-mesh/docs/security/security-overview)"]]
