Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Configure a Rule Set for Your Web Policy

  1. Last updated
  2. Save as PDF

You can configure an existing rule set. This can be a default rule set or a rule set that you have created on your own. In the following, it is explained how to complete this configuration for a sample rule set. 

The rule set that serves as sample rule set here is the Global Block Lists default rule set. Its rules block access to web objects, for example, domains or IP addresses, globally, based on the configured criteria. To let the rules know about the criteria, you fill these objects in lists.

When a request for access to one of these objects is received on Secure Web Gateway, for example, a request to access a particular domain, it is blocked. It is not forwarded to its destination, so the user who sent the request cannot access the web object.

  1. On the user interface for Secure Web Gateway, select Policy > Web Policy > Policy.

  2. From the policy tree in the navigation panel, select Global Block > Global Block Lists.

    The selected rule set appears in the configuration area on the right. 

  3. Configure when this rule set should apply.

    • Under Criteria, leave the default All Traffic, as you want the rules in this rule set to apply to all web traffic.

    • Next to Applies to, leave the default Request, as you want the rules in this rule set to be processed in the request cycle of web filtering on Secure Web Gateway.
       
      clipboard_e97a4aa7f516bb1ca6965d3f0f0b48e31.png
       
  4. Configure the rules that are preset in this rule set as needed.

    These rules are shown under Preset Rules. For example, there is a rule named Domains Blocklist, which blocks access to domains that you enter in a list.

    clipboard_ede400ea750bc77d316b94837a223fc69.png

    a. Enable or disable any of these rules. Use the toggle checkbox at the beginning of the row for a rule to do this.

        There are preset rules that block web objects of the following types:

  • Domains

  • Connected IP addresses

  • Client IP addresses

  • Destination IP addresses

  • User groups

  • User names

  • Processes

       b. Enter domains and other web objects in lists for use by these rules. Click the three dots at the end of the row
           for a rule and work with the options for list handling that are provided.      

    clipboard_e1a9b8e4d030c597bf5cee30d4160c488.png
          

You can also create rules of your own and add them to this rule set. Click the three dots at the end of the top row and work with the options of the drop-down menu to create a new rule.

This menu also includes an option for reviewing and working with the underlying code for a rule set.

clipboard_ef82ea09bcd138a96bfa343c83e807abf.png

To enable or disable the complete rule set, use the On/Off toggle switch.

If you disable a rule set, it is shown as disabled both in the configuration area and on the policy tree.

For example, if you disable the Global Block Lists rule set using the toggle switch, this switch is grayed out, which means the green field on its left turns to white and the white field turns to gray.

clipboard_e3a59e39476f79ec97db198d022bc7f1f.png

On the policy tree, the name of the rule set changes its color from full gray ... 

clipboard_e5c4e384745e970d917b2992e7bd09dfa.png

... to light gray.

clipboard_e1de07236d76cdde07b8fbd5bec13befb.png

If a rule set that you disable is a parent rule set, all its child rule sets are also disabled. For example, if you disable Global Block here, Global Block Lists is disabled together with its parent.

You cannot reenable a child rule set then without having reenabled its parent rule set before.

After you have completed your configuration activities for a rule set, the filtering process will follow what you have configured.

     

  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Article type
    Topic
  2. Tags
    This page has no tags.