Introduction

Policies govern user Internet access. A policy is a schedule that determines how and when clients are able to access websites and Internet applications. At their simplest, policies consist of:

  • Category filters, used to apply actions (permit, block) to website categories
  • Protocol filters, used to apply actions to Internet applications and non-HTTP protocols
    Note: If you have the Hybrid Module, note that the hybrid service does not enforce protocol filters.
  • Cloud App filters, used to apply actions to cloud applications.
  • A schedule that determines when each filter is enforced

Policies let you assign varying levels of Internet access to clients (for example, users, groups, or IP addresses in your network). First, create filters to define precise Internet access restrictions, and then use the filters to construct a policy.

In a first-time installation, the Default policy is used to monitor Internet requests as soon as a subscription key is entered (see The Default policy). Initially, the Default policy permits all requests.

To apply different levels of access to different clients, start by defining category filters. You might define:

  • One category filter that blocks access to all websites except those in the Business and Economy, Education, and News and Media categories
  • A second category filter that permits all websites except those that represent a security risk and those containing adult material
  • A third category filter that monitors access to websites without blocking them (see Creating a category filter)

To accompany these category filters, you might define:

  • One protocol filter that blocks access to Instant Messaging and Chat, P2P File Sharing, Proxy Avoidance, and Streaming Media protocol groups.
  • A second protocol filter that permits all non-HTTP protocols except those associated with security risks and proxy avoidance
  • A third protocol filter that permits all non-HTTP protocols (see Creating a protocol filter)

You might also define:

  • One cloud app filter that blocks access to all cloud apps that are considered high risk.
  • A second cloud app filter that permits access to a specific list of cloud applications.

Once you have defined a set of filters that correspond to your organization’s Internet access regulations, you can add them to policies and apply them to clients (see Web Protection Policies).