Default Rule Sets (Overview)

Last updated
Save as PDF

You can view and access the rule sets of your web policy on the Web Policy page of the user interface for Secure Web Gateway. In the navigation panel of this page, they appear grouped in what is referred to as branches of the policy tree.

The following table shows the branches and rule sets that are available by default after the initial setup.

They are shown in the order they appear on the policy tree.

Branch	Short description, rule set or sets, and more information
SAML Authentication	Authenticates users under the SAML authentication method. SAML Authentication Allows you to enable the SAML authentication method as part of your web policy and to configure exceptions.
Global Bypass	Lets requests for web access bypass filtering globally. Global Bypass Lists Allows you to fill lists with web objects that will bypass all filtering when a user requests access to any of them. For more information, see Global Bypass Lists — Allow Global Access to Web Objects. Update Server Bypass Allows you to let traffic with information retrieved from update servers bypass filtering. For more information, see Update Server Bypass — Allow Global Access to Update Servers. Office 365 Bypass Allows you to let traffic with information retrieved from the Microsoft Office 365 program suite bypass filtering. For more information, see Office 365 Bypass — Allow Global Access to Office 365 Servers.
HTTPS Scanning	Inspects web traffic going on over secure connections. HTTPS Connection Options Allows you to configure options for setting up HTTPS connections. Certificate Verification Allows you to add certificates of your own and configure how to handle missing or revoked certificates. HTTPS Decryption Allows you to configure how HTTPS traffic is decrypted and inspected.
Global Block	Blocks requests for web access globally. Global Block Lists Allows you to fill lists with web objects that are blocked globally and to configure exceptions. For more information, see Global Block Lists — Block Access to Web Objects Globally.
Common Rules	Support the filtering process. Add Additional Header Allows you to add a header to a request before it is forwarded to its destination. Several types of headers can be added. HTTP Method Blocking Allows you to block HTTP traffic depending on the method, for example, POST or GET, used in a request. HTTP Protocol Allows you to modify HTTP traffic, for example, by adding or removing a request header. Download Progress Allows you to choose data trickling or use of a progress page when a web object is download. You can also configure exceptions. WebSocket Control Allows you to enable WebSocket traffic globally or selectively. SafeSearch Allows you to enable SafeSearch in strict or moderate mode.
Web Filtering	Blocks access to websites. Category, Reputation & Geo Allows you to block access to websites based on URL categories, reputation scores, and geographical locations. For more information, see Category, Reputation, and Geo — Block Access to Websites. Category & Domain Coaching Allows you to allow coached access to website based on URL categories and domains. For more information, see Category and Domain Coaching — Allow Coached Access to Websites.
Content Inspection	Inspects data that is uploaded or downloaded. Archive and Transfer Allows you to configure inspection for uploads and downloads and control the transfer of data to archives.
Application Control	Blocks access to applications. Application Blocking Allows you to configure blocking access to applications. Tenant Restriction Allows you to block access to application for individual tenants. Activity Control Allows you to block activities relating to applications, including logon, uploads, and downloads. Application Coaching Allows you configure coached access to applications.
Media Type	Blocks media types. Media Type Allows you to block uploads and downloads of media types that you enter in lists. For more information, see Media Type — Block Access to Media Types.
Browser Isolation	Sends an image of requested content instead of the original content to a user's browser to protect it against web threats. Risky Web Allows you to apply browser isolation when access to a website is considered a risk based on evaluation by Secure Web Gateway. For more information, see Risky Web — User Browser Isolation for Websites Considered a Risk. Full Isolation Allows you to apply browser isolation when accessing any website that you consider a risk. For more information, see Full Isolation — Use Browser Isolation for Websites Based on Your Own Selection.
Data Protection (DLP)	Protects sensitive data. Web DLP Allows you to configure Data Loss Prevention (DLP) as part of your web policy.
Threat Protection	Blocks malware. Anti-Malware Allows you to have web traffic scanned for malware infections and blocked depending on the scanning result. You can configure exceptions. For more information, see Anti-Malware — Block Access to Infected Web Objects.