Add or edit a policy

The Policy page provides access to all policies configured for your service. Use the tab to view and edit existing policies, or to create new policies.

1. Go to the Policy tab.
2. Select an existing policy to edit it, or click New to create a new policy.
   Use the More menu beside a policy to add a new policy before or after an existing policy, or to delete the policy.
3. Click the Edit name button to give the policy a name, and optionally enter a Description.
4. Click the Applies to field to define the local traffic sources (sites, site groups, users, user groups, or all users) to which the policy will apply.
   Note: If you do not add a source, the default entry of ANY is used.
   Click the Applies to field and begin typing to search, or click a category to select available sources from a list. Repeat the process to add all required sources for the policy.
   You can remove a traffic source from the policy by clicking the Remove button. Apply the policy to traffic from any source, or to all users, by clicking Set to ANY or Set to All Users.
   Note: If you apply a policy to Any source, then the policy will match all traffic processed by the policy, and no further policies will be checked.
5. Set the Default TLS inspection setting for the policy:
   • Decrypt: secure traffic will be decrypted. You must deploy the Forcepoint root certificate to client machines.
   • Do not decrypt (default): secure traffic will not be decrypted. This traffic cannot be fully inspected.

   Note: This setting will be inherited as the default setting for all policy stages. The TLS inspection setting can be changed for specific policy rules and exceptions.
6. Under Policy summary, click a policy stage to edit that policy stage for editing.
7. When you have finished, click Save. (The policy will not become active until it is deployed.)
8. When you have finished creating policy rules, you are ready to deploy your policy. To mske the policy live, click Deploy Changes.