Managing categories, actions, and SSL decryption

The category list on the Web Categories tab includes the standard categories provided with your subscription, and any custom categories that you have defined on the Custom Categories tab for this policy (shown as Policy Custom Categories) or on the Policy Management > Custom Categories page (shown as Account Custom Categories).

  • Actions (described in Policy enforcement actions) are applied to either standard or custom categories to determine whether and how end users are allowed to access websites in the category.
  • When SSL decryption is available and enabled, decryption may be applied to standard categories only.
    • This option is available for Forcepoint ONE Web Security only.
    • Decryption is disabled for all categories by default.
    • If you enable one or more categories for decryption, you must also enable at least one of the analysis options on the Web Content & Security tab since these options define the types of security analysis that takes place. If you do not enable any of these options on the Web Content & Security tab, the categories you select are decrypted to enable correct notification pages, but not analyzed.
Note: If you enable Analysis exceptions on the Web Content & Security tab and a site defined as an exception is also in a category selected for SSL decryption, the exception defines whether or not the HTTPS version of the site is analyzed. For example, if “google.com” is set to Never Analyze and the Search Engines and Portals category is selected for SSL analysis, https://www.google.com would be decrypted but not analyzed.

In the Standard Categories section, child categories are indented under their parent categories. Expand the parent category to see its child categories.

Parent categories allow specific categories to be grouped by a more generic description—for example, Internet Communication is the parent category for General Email, Organizational Email, Text and Media Messaging, and Web Chat. However, there is no hierarchical relationship between parent categories and the child categories within them: you can set a filtering action for a parent category without it affecting the child category, and vice versa.

Privacy categories are marked with a padlock icon. This predefined group includes the following categories that may be subject to regulatory requirements:

  • Financial Data and Services
  • Prescribed Medications
  • Education
  • Government
  • Health

Websites in these categories may include personal identification information that should not be decrypted, and you may want to avoid specifying these sites for decryption.

To edit the action applied to a category, or the SSL decryption behavior for a category:

Steps

  1. Select a web category from the category list.

    You can select a category directly from the list, or enter text in the search box to locate the category you want.

    To select multiple categories, use the Shift and/or Ctrl keys. You can also use the drop-down menu above the category list to select Web 2.0 categories or privacy categories, or to select or deselect all categories.

  2. Select an Action for the category. See Policy enforcement actions.
  3. If SSL decryption is enabled, select whether or not to decrypt sites in the category.
  4. If you have made changes to one or more parent categories, optionally click Apply to Subcategories to use the same settings for both parent and child categories.
  5. Click Save.

    If you have selected the Decrypt option for a privacy category, a warning message appears.

    Important: The Block Access list configured on the Cloud Apps tab (see Cloud Apps tab) takes precedence over actions assigned on the Web Categories tab. If a blocked cloud app is requested using a URL categorized in a category that is set to allow, access to it is blocked.