How do I know which policy is being applied to a client’s requests?

Before you begin

When multiple exceptions or policies might apply to a client’s request, web protection software uses the rules described in How is a policy or exception assigned to a request?, to determine which to apply. If you aren’t sure which exception or policy is currently being applied to requests from a specific client, you can use the Check Policy tool to find out.

Steps

  1. Log on to the Web module of the Forcepoint Security Manager.
  2. Click Check Policy in the Toolbox in the right navigation pane.
  3. To identify a client, enter one of the following:
    • A fully qualified user name

      If your organization uses an LDAP-based directory service, you can also click Find User to search the directory.

    • An IP address
  4. Click Go.

Next steps

The tool displays the name of one or more policies. The tool returns multiple policies when all of the following are true:

  • The user belongs to multiple groups or OUs
  • Different policies are assigned to each group or OU
  • No policy is assigned specifically to the user

This can also occur when an IP address is included in more than one network range.

If the Check Policy tool returns an unexpected result, and client requests are being blocked, you can use information provided in a block page to determine what policy is being applied and how the user has been identified.