Overview

The cloud service provides a standard configuration for all web accounts. The standard settings are described below. To customize your settings, follow the instructions in Configuring Web Settings.

Web > Settings > General page, Proxy auto-configuration (PAC) file settings:

Standard setting: Policy-specific PAC file should be used by default.
Reason: Allows the cloud service to change cluster IP addresses without impact to your service.

Web > Policy Management > Custom Categories page:

Standard setting: There are no custom categories by default.
Consider changing if: You want to create your own custom categories, each of which comprises a set of websites, for your users.

Web > Policy Management > Protocols page:

Standard setting: Standard protocols are provided by default.
Consider changing if: You want to create your own custom protocols.

Web > Policy Management > Block & Notification Pages page:

Standard setting: Access Denied page displays by default when a policy denies access to a resource. Other standard pages include error, Cannot connect, HTTP authentication required, and more.
Reason: User needs to know why the requested page is not displaying.
Consider changing if: You want a custom notification message. You can edit the default messages or create your own from scratch.

Web > Policy Management > Time periods page:

Standard setting: Afternoon, Lunch, Morning, Working hours.
Reason: These are the most common time periods our customers use.
Consider changing if: You want to set up alternate time periods for your users. You can edit a time period or add a new time period.

By default, all time periods use the Time Zone indicated when registering for the service. Change the time zone if your end users are located in a different time zone or multiple time zones.

Web > Settings > Domains page:

Domains added on the Connections tab of a policy are account-level by default. Add one or more policy-level domains if you have multiple domains and want to apply a separate policy to each.

Standard setting: There are no default policy-level domains. When you add one, Include sub-domains is ON. Associate this domain with all policies is OFF.
Consider changing if: You have multiple domains and want to apply a separate policy to each domain.
With a policy selected on the Web > Policy Management > Policies page:
  • General tab:
    Standard setting:

    Policy name: default

    Administrator: email address used to register account

    PAC file: policy-specific PAC file address

    Time zone: time zone indicated during registration

    Time-based access: off

    Consider changing if:

    You want to rename your policy to something more meaningful.

    You are establishing a policy for remote users.

    Your users are in a different time zone.

    You want to configure time-based access.

    You want to apply different authentication methods to different geographical locations.

  • Connections tab:
    Standard setting: By default, all users are treated as remote and must authenticate to use the service.

    Reason: This gives you the tightest security until you configure your own connections.

    Consider changing if:

    Most users are connecting through a single IP address or IP range. In this case, add one or more proxied connections for your policy.

    Add a non-proxied destination when you want to avoid connecting via our proxy service.

  • Access Control tab:
    Standard setting: By default, all users are treated as remote and must authenticate to use the service.

    Reason: This gives you the tightest security until you configure your own connections.

    Consider changing if:

    You want to monitor user activity without requiring an additional login.

    You want to use Windows authentication to govern access. (Choose NTLM identification.)

    You want to authenticate users and you do not have Active Directory.

    You want to use a web endpoint client or single sign-on.

  • Endpoint tab:
    Standard setting: By default, endpoint deployment is disabled.

    Reason: You must choose:

    • Whether you want to use an endpoint client
    • Which endpoint client to use
    • How to deploy the endpoint client

    Consider changing if:

    You want to deploy the Proxy Connect endpoint from the cloud.

    You want to automatically update one or more endpoint clients to new versions when available.

  • End Users tab:
    Standard setting: By default, end users are expected to self-register, but they must be in your domain.

    Consider changing if:

    You have a list of users and email addresses that you can upload. In this case, bulk register end users to save them time.

    If you have end users outside of your domain, invite them to register.

  • File Blocking tab:
    Standard setting: No files are blocked by default.

    Reason: You must select which file types and extensions are blocked for categories.

    Consider changing if: You want to block certain file types for particular categories, users, and groups.
  • Web Content & Security tab:
    Standard setting:

    • Malware is blocked both inbound and outbound by default.
    • Executables are blocked outbound by default.
    • Real-time classification provided by the Advanced Classification Engine is on if available.
    • Inbound antivirus analysis is enabled for sites with elevated risk profiles.
    • File type analysis is enabled for suspicious and unrecognized files.

    Consider changing if:

    Some users require inbound executables. You do not want to block outbound traffic.

    You want to refine or disable real-time classification.

    You want to refine or disable antivirus analysis.

    You want to refine or disable file type analysis.

  • Web Categories tab:
    Standard setting: Default policy blocks access to offensive and adult sites, allows news and entertainment sites, and offers no blocklists or allowlists.

    Consider changing if:

    • You want to customize the default policy to align with your company’s acceptable use policy.
    • You want to decrypt SSL requests for all or specific web categories.