Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Block Traffic Settings

To achieve a stricter security posture for failure or initialization scenarios, you can configure your Client Profiles and Client Policies directly within the Skyhigh SSE console. 

Access Policy Block Settings

  1. Go to Policies > Skyhigh Client > Policy.
  2. Open an existing policy or create a new policy.
  3. Locate the dedicated Block section within the policy configuration page to access traffic blocking lists and criteria.

Block Gateway Traffic

  1. Navigate to Policy > [Policy Name] > Web > Block.
  2. Check the Gateway is unreachable box to block network traffic when the primary gateway becomes unavailable.

Block Traffic Until Client is Ready

  1. Navigate to Policy > [Policy Name] > Block.
  2. Check the Block traffic when client is not ready box to restrict traffic until the client initializes completely.

Configure Mutual Authentication Blocks

  1. Navigate to Policy > Skyhigh Client Configuration > Client Profile.
  2. Select the specific client profile mapped to the target policy.
  3. Under the security settings, check the Allow connection to block if mutual authentication fail box.

Configure Block Rules in Skyhigh Client

  1. Go to Policy > Skyhigh Client > Policy.
  2. Open your specific client policy.
  3. In the policy ruleset menu, select the Block ruleset.
  4. Locate the Preset Rules section to configure the following settings:
    • Block UDP Traffic on Configured Ports: When enabled, UDP traffic is blocked on ports 80 and 443 by default. Additional custom ports can be configured to extend the list of blocked UDP ports.
    • Block IPv6 Traffic: Check this box to completely restrict traffic utilizing the IPv6 protocol.
  5. Configure these options to define your targeted traffic blocks:
    • Block Domains: Add specific domain names to this list to block outbound web requests sent to those destinations.
    • Block Destination IPs: Add specific IP addresses to this list to block network traffic sent to those target locations.
    • Block Ports: Add specific network port numbers to this list to restrict traffic on those communication channels.
    • Block Processes: Add specific application process names to this list to block traffic originating from those programs.
  • Was this article helpful?