You can configure several parameters and functions of DLP scanning as part of your web policy. This includes configuring a rule that allows files to bypass DLP scanning, which would otherwise be part of the filtering process that is performed to ensure web security.
This bypass is configured based on media types. In the following, it is explained how to configure this bypass using a bypass list, as one of the steps for configuring a default web policy rule set.
The bypass list does not work for some media types. You need to use a workaround here to exclude, for example, multipart media from DLP scanning. For more information, see Configuring Media Types to Bypass DLP Scanning.
For more information about how to configure what is related in your web policy to DLP scanning, see Manage Web DLP from Web Policy.
Complete the following steps to configure web policy rules for DLP scanning:
- On the user interface for Secure Web Gateway, select Policy > Web Policy > Policy.
On the policy tree, expand Data Protection (DLP) and select Web DLP.
The selected rule set appears in the configuration area on the right.
Configure the rule that that allows files to bypass DLP scanning if they are of particular media types. It is shown under Global Downselection Settings.
Click the three dots at the end of the line with the rule to display a menu with options for list handling.
Select Edit List.
The list of media types that are currently in use appears in a panel on the right.
To open this panel, you can also click the rule name, which is marked in blue.
Click Actions and select Add New Items.
The media type catalog opens. Media types are grouped under main types, for example, audio/x-gsm under Audio. The media types that are currently in use are shown on the right.
Select the media types that should bypass DLP scanning.
For example, expand Video, then select video/vnd.mpegurl and video/x-ms.wmx.
The selected media types are shown on the right.
Click Done and then Save to close the catalog and panel.
Mark the checkbox to enable the rule.
Configure the rule that limits the size (in MB) of files that DLP scanning is performed on. It is shown under Global Downselection Settings.
To specify the maximum size, enter a number in the input field. DLP scanning is not performed on files exceeding this size.
Under DLP Policies, a list of the DLP policies that are currently in use is shown.
Click the three dots at the end of the line with a DLP policy to display a menu with options to edit or delete it. To create a new DLP policy, click + and work with the options that are provided.
You have now configured the DLP scanning parameters and functions that can be configured as part of your web policy.