Block Access to Web Objects Globally
When the default web policy is applied to a web request, the Global Block Lists rule set is the first rule set that is applied. When the request is blocked, all further rule processing stops.
- On the user interface, select Policy > Web Policy > Policy.
- From the policy tree, select Global Block > Global Block Lists.
- Optionally configure criteria to limit the scope of this rule set.
- Select the global block rules that you want to enable. When selected, these rules do the following:
- Domains Block List — Blocks web requests sent to the domains in this list.
- Connection IPs Block List — Blocks web requests sent from the connection IP addresses in this list.
The connection IP is the IP address of the firewall or other device between your organization's network and the cloud (your public IP address).
- Client IPs Block List — Blocks web requests sent from the client IP addresses in this list.
- Destination IPs Block List — Blocks web requests sent to the IP addresses in this list.
- User Groups Block List — Blocks web requests sent by users who are members of the groups in this list.
- User Names Block List — Blocks web requests sent by users having the user names in this list.
- Processes — Blocks web requests sent from the process names in this list.
- Configure the lists associated with the rules as needed.
Changes to the policy tree, rule sets, or rules are automatically saved. You can publish them to the cloud now or keep working and publish later.