Define internal network settings

Use the Internal Networks section of the page to optionally:

  • Assign different policies to different internal networks.
  • Identify trusted networks for which incoming or outgoing traffic, or both, should not be analyzed.
  • Configure session-based authentication for specific networks.

To begin:

Steps

  1. Select the Policy Assignment tab and click Add to identify a network to which you want to assign a policy other than the appliance default. In the Add Policy Assignment dialog box:
    1. Enter a unique Name for the network.
    2. Use the Type list to indicate how you want to identify the network (IP address, Subnet, or IP range).
    3. Enter the subnet, address, or range.
    4. Select a Policy from the drop-down list.
    5. Click Add.

    Repeat these steps for each internal network to which you want to assign a policy.

    Note that networks (IP address ranges and subnets) may not overlap, and you can assign only one policy to each network.

  2. Select the Trusted Networks tab and click Add to identify IP addresses or address ranges whose traffic should not be analyzed. In the Add Trusted Network dialog box:
    1. Enter a unique Name for the network.
    2. Use the Type list to indicate how you want to identify the network (IP address, Subnet, or IP range).
    3. Enter the subnet, address, or range.
    4. Indicate whether to Bypass analysis for traffic from this network, Bypass analysis for traffic to this network, or both.
    5. Click Add.

    Repeat these steps for each internal network whose incoming or outgoing traffic, or both, should not be analyzed.

  3. Select the Session-Based Authentication Tab and click Add to define network addresses and IP address ranges that should use session-based authentication. The defined addresses will be authenticated based on a cookie sent to the browser on the local machine.

    This authentication is valid for the length of time defined in the Session timeout drop-down list (under General).

    1. Enter a unique Name for the network.
    2. Use the Type list to indicate how you want to identify the network (IP address, Subnet, or IP range).
    3. Enter the subnet, address, or range.
    4. Click Add.

    Repeat these steps for each internal network that will use session-based authentication.

    Note: When session-based authentication is enabled, policy SSL decryption rules that apply to sites or categories with the Confirm action are not currently supported.