Lesson 4: The Default policy

Learn about the policy that serves as a safety net, governing Internet access for any user to whom no other policy applies.

Your web protection software uses policies to determine how and when Internet requests are handled for users and devices. Each policy includes information about which websites, Internet communication protocols, and cloud applications are blocked or permitted, and the days and times to enforce those rules.

As a safety net, the Default policy is in effect 24 hours a day, 7 days a week. This policy is used to handle requests whenever no other policy applies. Initially, the Default policy monitors requests without blocking.

Note: If your organization uses delegated administration, each role has its own Default policy. A role’s Default policy is enforced for any clients in the role who do not have another policy assigned to them.

Exercise: Become familiar with the Default policy

  1. In the Forcepoint Web Security module of the Forcepoint Security Manager, use the left navigation pane to select Main > Policy Management > Policies.

    A list of existing policies appears in the content pane.

  2. Click Default to view policy details on the Edit Policy page.
  3. Examine the area at the top of the content pane.
    • The policy name appears, followed by a short description of what the policy is intended to do.
    • A summary of the clients specifically governed by this policy is shown. Note that even if no clients are listed here, the Default policy applies to any client not currently governed by another policy.
  4. Examine the Schedule box.
    • After a new installation, the Start, End, and Days columns show that the Default policy is in effect 24 hours a day, 7 days a week.
    • Initially, in the Super Administrator role, the Category / Limited Access Filter column shows that the Monitor Only filter is in effect. In delegated administration roles, the Default policy initially enforces the Default category filter.

      A category filter is a list of categories and the actions (such as Permit or Block) assigned to them. The category filter enforced by a policy determines how user Internet requests are treated.

      The alternative to a category filter is a limited access filter, a list of specific URLs that users can access. When a limited access filter is enforced by a policy, users governed by the policy can access only sites on the list.

    • Initially, in the Super Administrator role, the Protocol Filter column shows that the Monitor Only filter is in effect. In delegated administration roles, the Default policy initially enforces the Default protocol filter.

      A protocol filter is a list of protocols (usually non-HTTP protocols) and the actions (such as Permit or Block) assigned to them. When Content Gateway or Network Agent is installed, the protocol filter enforced by a policy determines which non-HTTP protocols (for example, instant messaging, streaming media, or file sharing protocols) are available to users and applications.

    • Initially, in the Super Administrator role, the Cloud App Filter column shows that the Monitor Only filter is in effect. In delegated administration roles, the Default policy initially enforces the Monitor Only filter also.

      A cloud app filter provides a way to explicitly block or permit a specific list of cloud applications or to block any applications that are considered high risk.

  5. Three tabs appear beneath the policy schedule. Examine the Category Filter tab.
    • The name of the current category filter appears next to the column description.
    • You can scroll through the list to see which categories are permitted and blocked. A legend at the bottom of the page explains the icons that appear next to each category.

    You will learn how to create and edit category filters in a later lesson.

In the lessons that follow, you will learn how to work with policies and their building blocks. You can then use what you learn to edit the Default policy to best suit the needs of your organization.