The Common Catalog provides lists that can be pushed from a Trellix ePO server to a Web Gateway appliance. The following types of lists can be pushed: IP address, domain name, string, wildcard expression.
IMPORTANT: Do not modify the content of the lists on the Web Gateway appliance, because this content is updated in intervals on the Trellix ePO server. These updates will overwrite any changes that you might have applied.
A REST (Representational State Transfer) interface runs internally on both systems to enable the list transfer. A Trellix ePO extension for Web Gateway must also be running on the Trellix ePO server.
This extension includes a help extension, which provides online Help for handling the extension. An extension package is provided on the user interface of Web Gateway under the Trellix ePolicy Orchestrator system settings.
To let requests from the Trellix ePO server bypass filtering by web security rules on Web Gateway, you need to import a suitable rule set from the library, place it at the topmost position of the rule sets tree, and enable it.
In addition to this, you need to set up a Trellix ePO user account, as there must be an instance on the appliance that is allowed to handle the list transfer. For setting up this account, the Trellix ePolicy Orchestrator system settings are used.
The user of the Trellix ePO account must also appear as an administrator with an account among the internal Web Gateway administrator accounts.
After lists from the Common Catalog have been pushed to Web Gateway, they appear on the Lists tab of its user interface. A prefix in the list name indicates that a Trellix ePO server is the source of a list.
You can use these lists to configure rules like any other lists on the Lists tab.