Feature Configurations
In the filtering process on Secure Web Gateway, features are involved that rule sets rely on for completing particular filtering jobs. For example, the Anti-Malware for GAM feature handles the use of the scanning engines that scan files and other web objects for infections.
A combination of settings that is configured for a feature is referred to as Feature Configuration.
You can configure Feature Configurations on the Feature Config page of the user interface.
Features That Come with Default Settings
These features come with default settings. You cannot edit or delete these settings, but you can copy (clone) them, provide a name for the new settings, and edit them.
-
Anti-Malware for GAM (feature)| Default Gateway Anti-Malware (default settings)
-
Certificate Verification (feature)| Default TLS Certificate Chain Setting (default settings)
-
Certificate Verification Options (feature)| Default Certificate Verification (default settings)
-
Composite Opener (feature)| Default Composite Opener (default settings)
-
Data Trickling (feature)| Default Data Trickling Settings (default settings)
-
HTTPS Decryption (feature)| Default Enable Content Inspection s(default settings)
-
Web Filtering (feature)| Default GTI Setting (default settings)
Features That Can Be Configured At Once
Some features can be configured at once. You need not copy (clone) any default settings to configure these features.
-
DLP Classification (feature)| DLP Classifications (settings)
-
DLP Dictionaries (feature)| DLP Dictionary (settings)
-
ICAP Server (feature)| ICAP DLP Setting (settings)
-
HTTPS Connection (feature)| Customer CA (settings)
-
Next Hop Proxy (feature)| Next Hop Proxy (settings)
Feature Config Page
On the Feature Config page, you can configure features as follows.
-
Create a new collection of settings for a feature — Select a feature, then click New Configuration and configure new settings.
-
Clone and edit the default settings for a feature — Select the default settings for a feature, then select Clone and Edit from the Actions drop-down list, provide a name for the new settings, and edit them.
-
Reset settings to their default values — Select the settings you want to reset, then select Reset to Default from the Actions drop-down list.
-
Delete settings — Select the settings you want to delete, then select Delete from the Actions drop-down list.
Delete a Feature Configuration
- Go to Policy > Web Policy > Feature Configuration.
- Select the required Feature Configuration. In this example, OLD TLS Certificate Chain is selected from the Feature Config
- Click the Actions button dropdown located in the top right corner and select Delete to initiate the deletion.
- A progress bar appears.
NOTE: When deleting a feature configuration, it is important to check whether it is referenced in any rulesets. A feature configuration that is associated with a ruleset cannot be deleted safely, as this would disrupt policy execution. A feature configuration can be safely deleted only if it is not referenced in any ruleset.
To delete a feature configuration, the system must identify references to its across rulesets. During this process, a progress bar will appear to indicate that the system is searching for references. Once the progress bar completes, you will see one of two results:
-
No references found: The delete action will proceed, and you can then publish your changes to make them effective.
-
References found: The names of the referencing rulesets will appear as hyperlinks. You can click these hyperlinks to navigate to the rulesets and update them by associating a different feature configuration, thereby removing the reference to the feature configuration you wish to delete.
- The Old TLS Certificate Chain feature configuration is referenced in the Certificate Verification ruleset.
NOTE: When multiple hyperlinks are present in a ruleset, clicking one can cause you to lose the context of the other links. To address this, a Copy Ruleset Info has been added to allow users to copy all information at once. - You can click the hyperlink to go to the Certificate Verification ruleset where the Old TLS Certificate Chain feature configuration is referenced. To disassociate Old TLS Certificate Chain in Certificate Verification, go to Policy > Web Policy > HTTPS Scanning > Certificate Verification. Click the gear icon next to Certificate Verification.
- In the Certificate Verification - Settings side panel select New TLS Certificate Chain. This dissociates the feature configuration to be deleted from this ruleset.
- Click Save. Click Publish to save changes.
- Go back to Feature Configuration via Policy > Web Policy > Feature Configuration. Click Old TLS Certificate Chain.
- Click the Action button located in the top right corner and select Delete to initiate the deletion.
- A progress bar appears, checking for list references in Policy.
- The feature configuration is deleted once the progress is complete and the review changes are published by clicking the yellow badge.