Adding or editing an application rule

You can use the Applications stage page to configure rules that filter network traffic to and from applications, initiated from within your organization.

To configure the application rules:

Steps

  1. On the Navigation pane, click Policy. The All Policies page opens.
  2. Click the New button to add a policy, or click the Edit button against the policy rule in the table to edit a policy. The Policy panel is displayed.
  3. Enter a name for the policy in the Name field. You can skip this step if this field is populated or if no change is required.
  4. Enter a description for the policy in the Description field. This is an optional step.
  5. Type or click to select a source site in the Source Sites field. You can skip this step if this field is populated or if no change is required.
    Note:
    1. When you type or click in the Source Sites field, the available options are displayed in a pop-up dialog box. You can also click Set to ANY to use any site.
    2. If you do not add a source site, the default entry of ANY is used.
    3. Click x on the source site element under the Source Sites field to remove it.
    4. If Set to ANY is selected, then the policy will match all traffic processed by the policy and no further policies are checked.
  6. From the Default TLS Inspection Setting drop-down menu, select one of the following:
    • Decrypt: The secure traffic is decrypted for inspection and then re-encrypted before it is sent to the destination. You must have the Forcepoint root certificate installed on the end user workstations.
    • Do not decrypt: The secure traffic is not decrypted, and the traffic cannot be fully inspected. This option is selected by default.
    Note: You can skip this step if this field is populated or if no change is required.
  7. Under Policy Summary, click the Applications link. The Applications stage page opens.
  8. Click a cell within an existing rule in the table to edit it, or click New to create a new rule.
  9. Enter a name, and optionally a description in the Rule cell of the rule in the table.
  10. To define an application to which the rule applies, do the following:
    1. Click the Application cell of the rule in the table.
    2. Click the Type or click to select field and begin typing to search for an application, or click an application category to select an application from a list. Repeat the process to add all required applications for the rule.
  11. To define the traffic sources to which the rule applies, do the following:
    1. Click the Applies To cell of the rule in the table.
      Note: If you do not add a source, the default entry of ANY is used. The rule will apply to traffic from any source to which the policy applies.
    2. Click the Type or click to select field and begin typing to search for an available object, or click an object type to select an available object from a list. Repeat the process to add all required sources for the rule.
      Note:
      1. If required, click the New Source IP Address List button to create a new source IP address list. For more details, refer to the Creating a source IP address list topic in the Forcepoint ONE | Firewall Application Online help documentation.
      2. You can click the Set to ANY button to use any source IP address list as the option. If this is selected, then the policy will match all traffic processed by the policy and no further policies are checked.
  12. Click the Users cell of the rule in the table to define the users or user groups from which the request must originate to match this rule. Rules can be applied to all users in order to match any user whose identity is known. Users can be identified by the Web Security Endpoint or via SAML-based authentication.
  13. Click the Action cell of the rule in the table to select an action option to apply to the traffic that matches this rule. Available actions are:
    • Allow and Bypass: Allows matching traffic and bypasses further policy processing stages. Traffic is not decrypted.
    • Block: Blocks matching traffic.
    • Continue Inspection: Allows matching application traffic, and continues processing further policy stages. The request may be blocked by subsequent policy stages.
    • TLS inspection: Defines whether secure (HTTPS) web requests that match this exception are decrypted for inspection:
      • Do not decrypt: Secure traffic will not be decrypted. This traffic cannot be inspected.
      • Decrypt: Secure traffic will be decrypted for inspection. Decrypted traffic is re-encrypted before being routed to the Internet.
      • Default: The TLS inspection setting is inherited from the Default TLS inspection setting of the policy.
  14. In the list of rules, use the Drag to move icon (:::) to define the priority order of your rule.
  15. When you are done, click Save.
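
Before saving a reordered rule list, it can help to check it offline. The following is an added example, not Forcepoint code or a Forcepoint API: it models the rule table from steps 10 to 14 and reports, for each rule, the TLS handling that results from the policy's Default TLS Inspection Setting and whether a higher-priority rule already covers it. Assumptions: rules are evaluated top-down with the first match winning, the TLS inspection choice is a per-rule setting alongside the action, the Users cell is ignored, and all rule, application and source names are constructed placeholders.

```python
from dataclasses import dataclass

ANY = frozenset({"ANY"})

@dataclass(frozen=True)
class Rule:
    name: str
    applications: frozenset      # application names selected in the Application cell
    sources: frozenset           # Applies To objects; ANY when none is added
    action: str                  # "Allow and Bypass" | "Block" | "Continue Inspection"
    tls: str = "Default"         # "Decrypt" | "Do not decrypt" | "Default"

def covers(wider, narrower):
    """True if every value matched by `narrower` is also matched by `wider`."""
    return wider == ANY or (narrower != ANY and narrower <= wider)

def effective_tls(rule, policy_default):
    """Resolve the TLS handling a matching request receives."""
    if rule.action == "Block":
        return "n/a"                       # blocked traffic is never forwarded
    if rule.action == "Allow and Bypass":
        return "Do not decrypt"            # page: bypassed traffic is not decrypted
    return policy_default if rule.tls == "Default" else rule.tls

def audit(rules, policy_default="Do not decrypt"):
    """Per rule, in priority order: effective TLS and any earlier rule shadowing it."""
    report = []
    for i, rule in enumerate(rules):
        # Assumed first-match semantics: an earlier, wider rule hides this one.
        shadow = next((e.name for e in rules[:i]
                       if covers(e.applications, rule.applications)
                       and covers(e.sources, rule.sources)), None)
        report.append((rule.name, rule.action, effective_tls(rule, policy_default), shadow))
    return report

# Constructed sample rule list (names are placeholders, not real objects).
RULES = [
    Rule("Inspect chat from HQ", frozenset({"ExampleChat"}), frozenset({"HQ-LAN"}), "Continue Inspection"),
    Rule("Block file sharing", frozenset({"ExampleShare"}), ANY, "Block"),
    Rule("Bypass chat from HQ", frozenset({"ExampleChat"}), frozenset({"HQ-LAN"}), "Allow and Bypass"),
]

if __name__ == "__main__":
    for row in audit(RULES, policy_default="Decrypt"):
        print(row)
```

In the sample, the third rule is reported as shadowed by the first: under the assumed first-match order, the bypass never takes effect until the rule is dragged above it.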