Lesson 8: Creating custom policies

Learn to create different policies to customize policy enforcement for different groups of clients.

Create new policies to add flexibility in managing employee Internet access. Rather than trying to make the Default policy apply to everyone, create custom policies for different groups of clients.

Exercise 1: Start from an existing policy to create a new policy

  1. Go to the Policy Management > Policies page.
  2. Under the list of existing policies, click Add. The Add Policy page appears.
  3. Give the new policy the name Research Assistants.
  4. Provide a brief description for the new policy (for example, “For student research assistants, enforces the Education-Only category filter”).
  5. Mark the Base on existing policy check box, and then select the Default policy from the drop-down list.
  6. Click OK to cache your changes and go to the Edit Policy page.

You will customize the policy in Exercise 2.

Exercise 2: Edit the Research Assistants policy

  1. On the Edit Policy page, under Schedule, expand the Days drop-down list, and then deselect Sat and Sun.

    This policy will only apply Monday through Friday. You can add multiple rows to the schedule to have a policy apply different filters on different days or at different times.

  2. Expand the Category / Limited Access Filter drop-down list, and then select the Education-Only category filter.
  3. Expand the Protocol Filters drop-down list, and then select the Default protocol filter.

    Protocol filters are used to filter non-HTTP Internet protocols, such as those used for instant messaging or streaming media. For more information, see the Administrator Help.

  4. Expand the Cloud App Filters drop-down list, and then select the Basic Security cloud app filter.

    Cloud app filters are used to permit or block access to cloud applications. See the Administrator Help for more information.

  5. At the bottom of the Schedule box, click Add to add another row to the schedule. A default time period appears in the Start and End columns.
  6. Expand the Days drop-down list, and select only Sat and Sun.
  7. In both tall 3 columns, apply the Monitor Only filter.

    Monitor Only permits and logs all Internet requests.

  8. Click OK to cache changes and return to the Policies page.
  9. Click Save and Deploy to implement your changes.

Exercise 3: Apply the new policy to a client

In Lesson 7, you learned how to apply policies to clients from the Edit Policies page. You can also apply policies to clients from the Clients page.

  1. Go to the Policy Management > Clients page.
  2. Expand the appropriate node in the client tree, and then do one of the following:
    • Mark the check box next to the client name or IP address, and then click Edit.
    • Click the client name or IP address.

    The Edit Client page appears.

  3. Under Policy, expand the Name drop-down list and select Research Assistants.
  4. Click OK to cache changes and return to the Clients page.
  5. Click Save and Deploy to implement your changes.

Exercise 4: Verify that the new policy is being applied to the client:

  1. Go to the machine to which you applied the Research Assistants policy.
  2. Open a browser and go to www.ucsd.edu.

    The site is permitted, because it is assigned to the Education > Educational Institutions category.

  3. Next, browse to en.wikipedia.org.

    This site is also permitted, because it is assigned to the Education > Reference Materials category.

  4. Next, browse to a search engine site, like www.google.com or www.yahoo.com.

    The site is blocked, because it is in the Information Technology > Search Engines and Portals category.

You can also use the Test Filtering tool (as explained in Lesson 6, Exercise 3) to verify that the policy is being applied correctly.