About Configuring a Web Policy
The rules of your web policy ensure web security for your organization. They provide protection against threats that might arise when users of your organization who work with cloud services access the web, for example, when they browse websites or download files.
You can configure settings for individual rules and for groups of rules, which are known as rule sets, to implement a web policy that meets your requirements. You can also create your own rules and rule sets.
Many rules rely on lists. For example, a rule that blocks web access for particular users relies on a list of usernames, which you can configure. You can also configure settings for other components that rules rely on, for example, for the scanning engines, which scan files to find out about virus infections.
When a user's access to the web is impacted by the action of a rule, for example, when a rule blocks a file that a user wants to download from the web, a notification is sent to the user's browser, which you can also configure.
So, when configuring your web policy, you will mainly be working with the following configuration items.
- Rules and rule sets — The Web Policy page of the user interface is provided for working with these items. On this page, you can:
  - Configure the default rules and rule sets — Several rule sets are implemented by default after you have initially set up Secure Web Gateway. You can configure them with their individual rules to meet your requirements.
    For example, the following is a rule in the Global Block Lists default rule set. You can fill entries in the Domains Blocklist that is used by this rule. When a user requests access to a domain with a URL that matches an entry in this list, the request is blocked.
    For an example of how to configure a default rule set and its rules, see Configure a Rule Set for Your Web Policy. To have this task explained in an interactive manner, see Configure a Rule Set for Your Web Policy — Visual Story.
    For an overview of all the rule sets that are implemented by default, see Default Rule Sets — Overview. This overview also provides links to more information about how to configure each of the default rule sets.
    Important parts of web security are covered by the default rule sets for:
    - Malware filtering, see Anti-Malware — Block Access to Infected Web Objects
    - URL filtering, see Category, Reputation, and Geo — Block Access to Websites
    - Media type filtering, see Media Type — Block Access to Media Types
  - Create your own rules and rule sets — You can create your own rules and rule sets to meet requirements not covered by the rules and rule sets that are implemented by default.
    For example, you can create your own rule for blocking or allowing URLs and add it to a rule set for URL filtering.
    To create a rule or rule set of your own, you work with the Rule Builder that is provided.
    For more information, see Create a Rule with the Rule Builder or Create a Rule with the Rule Builder — Visual Story and Create a Rule Set with the Rule Builder or Create a Rule Set with the Rule Builder — Visual Story.
  - Import a rule set — There is a rule set library from which you can import rule sets. This allows you to extend your policy for web security beyond the scope of the default rule sets.
    For more information, see Import a Rule Set from the Library or Import a Rule Set from the Library — Visual Story.
- Lists — You can fill entries in the lists that rules rely on or remove list entries and also create your own lists.
  You can go to the Web Policy page and deal with list handling as part of working with rules and rule sets. Lists are also listed in a list catalog. You can go to the List Catalog page to select lists from this catalog and work with them.
  For more information, see About Working with Lists.
- Feature settings — These settings are referred to as Feature Configurations on the user interface. A Feature Configuration includes settings for a feature under Secure Web Gateway, which is a component that handles a particular task to support rules.
  For example, there is a feature that handles the use of the scanning engines. Another feature handles the retrieval of URL categories and reputation scores from the Global Threat Intelligence (GTI) service.
  On the Web Policy page, you can configure Feature Configurations for particular rules and rule sets. You can also go to the Feature Config page, where Feature Configurations are listed, to work with them.
  For more information, see About Working with Feature Configurations.
- Notifications for end users — You can configure the notifications that are sent to a user's browser when web access is impacted for a user by the action of a rule. The pages with these notifications are referred to as End User Notification Pages.
  On the End User Notification Pages page, you can work with templates for these pages. You can clone the default templates that are available and modify them and also create your own templates.
  For more information, see About Working with End User Notification Pages.
For more information about the Web Policy page, see Web Policy Page.
This page also provides options for viewing the code that underlies the rules of your web policy and for working with it. For more information, see About the Web Policy Code View.
For a workflow with high-level steps for configuring a web policy, see Workflow for Configuring a Web Policy — Overview.