What are filters, and how do they work?

Filters are one building block of web protection policies. The 3 types of filters define which categories, URLs, and protocols users can access. By adding filters to a policy, you define how clients at your organization can access the Internet.

  • Category filters list:
    • All of the categories available to your organization, including both Forcepoint URL Database categories and custom categories.
    • The action (like permit, block, confirm, or quota) assigned to each category.

    Each category filter can assign a different action to each category. Your software includes 5 sample category filters that can be customized and used in policies, as well as a set of templates that you can use to create new filters.

  • Protocol filters list:
    • All non-HTTP protocols, including both Forcepoint URL Database protocols and custom protocols.
    • The action (like permit, block, or limit by bandwidth) assigned to each protocol.

      Each filter can assign a different action to each protocol. Your software includes 3 sample protocol filters that can be customized and used in policies, as well as a set of templates that you can use to create new filters.

      The components required for protocol management vary based on your subscription level:

    • (Forcepoint Web Security) Content Gateway offers protocol management for protocols that tunnel over HTTP. It can be used in conjunction with Network Agent to provide full protocol management.

      The hybrid service does not enforce protocol filters.

    • (Forcepoint URL Filtering) Network Agent is required to enable protocol management.

      Web protection software can block TCP-based protocol requests, but not UDP- based protocol requests. If an application uses both TCP- and UDP-based messages, and the original network request is made via TCP, any subsequent data sent using UDP is blocked since the initial TCP request is blocked.

  • Limited access filters are a restrictive list of permitted URLs that can be used in place of a category filter in web protection policies.

    When a limited access filter is in effect, users can visit only the URLs in the list. All other sites are blocked.

    If a URL that is permitted by a limited access filter becomes infected with malicious code, user requests to that URL are blocked as long as Security Risk categories are blocked in the Default policy. Check the category filter currently used by the Default policy to verify that all security-related categories are blocked.

  • Cloud App filters assign an action (like permit or block) to cloud applications that are specified in the filter. This is the action that web protection components take in response to a client’s Internet request.

See the Administrator Help for more information.