To define a filtered location, or update an existing entry

Steps

  1. Enter, review, or update the location Name. The name must be unique, and have between 1 and 50 characters. It cannot include any of the following characters:
    * < > { } ~ ! $ % & @ # . " | \ & + = ? / ; : ,

    Names can include spaces, dashes, and apostrophes.

  2. Enter, review, or update the short Description of the location (up to 255 characters). This appears next to the location name on the Filtered Locations page, and should clearly identify the location to any administrator.
    The character restrictions that apply to names also apply to descriptions, with 2 exceptions: descriptions can include periods (.) and commas (,).
  3. Select or verify the Time zone of the filtered location. Time zone information is used in applying policies, to ensure that the correct filters are applied at the appropriate time.
    Each location whose requests go through the hybrid service can have a different time zone setting. Locations with transparent or explicit proxies use the time zone of the machine on which Filtering Service is running as the time zone for policy enforcement.
  4. In the Type field, indicate or verify the method used to define this location: IP address, IP address Range, or Subnet.
    If you are providing a subnet, specify whether you are identifying it by By bit range (CIDR) or By subnet mask, and then select a bit range or mask.
  5. Enter, verify, or update the external IP address, range, or subnet of the firewall or firewalls through which filtered clients at this location access the Internet.
    • These are external IP addresses, visible from outside your network, and not internal (LAN) addresses.
      Important: Do not enter private IP addresses (in the ranges 10.0.0.0 - 10.255.255.255, 172.16.0.0 - 172.31.255.255, and 192.168.0.0 - 192.168.255.255) to identify locations managed by the hybrid service. Because these addresses are not visible from outside your network, and are used within multiple local area networks, the hybrid service does not accept private IP addresses as valid entries.
    • Do not include the IP address of any Content Gateway machine.
    • External IP addresses must be unique to your organization, not shared with any other entity, so that the hybrid service is able to associate requests originating from these locations with the policies belonging to your organization.

    CASB customers should stop here. The remaining entries are valid for hybrid only.

  6. Specify, verify, or update how the requests from the location are managed: using the hybrid service, or using local web protection software.
  7. If the site is managed by local web protection software, select, verify, or update the proxy mode for this location: using a Transparent proxy, or an Explicit on- premises proxy.

    If you select Explicit, there must be at least one proxy defined in the Explicit Proxy Configuration table. To add a new explicit proxy to the table, click Add, select a proxy location and preference order from the popup window, then click OK. See Managing hybrid service explicit proxies for more information about the available explicit proxies.

    The filtered location uses the first proxy on the list. If that proxy is not available, web requests from the filtered location are redirected to the next proxy on the list. To change the order, select any proxy on the list and then click Move Up or Move Down to change its position in the list.

    To remove a proxy from the table, mark the check box next to the proxy name, and then click Delete. The deleted proxy is no longer available for this filtered location, but can still be selected for other filtered locations.

  8. Click OK to return to the Filtered Locations page, and then click OK again to cache your changes. Changes are not implemented until you click Save and Deploy.