Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here

Skyhigh Security

Select Your Cloud or On-prem Policy as Default and Configure Exceptions

Under a Hybrid solution, you can use both your cloud and on-prem policy to filter web traffic. You select one of the two as default and enter in lists what you want to filter differently.

This allows you to keep an on-prem policy that you have created on a Secure Web Gateway appliance, for example, as default. The rules of this policy then apply to web traffic originating from users who work on-prem and users who work with cloud services.

At the same time, you can filter web traffic originating from some users, user groups, and locations according to your cloud policy, which you have created under Secure Web Gateway as part of the Security Service Edge solution. You can also do it the other way round and select this policy as default.

The options for using a Hybrid solution to filter web traffic are provided in the Hybrid Policy Routing rule set, which you can add to the policy tree from the list of new and updated rule sets. To make on-prem rule sets available to this solution, you must enable them for cloud use on your Secure Web Gateway appliances.

IMPORTANT: SAML on port 8084 is not supported with SSE Web Hybrid.

  1. On the user interface of your Security Service Edge cloud platform, select Policy  > Web Policy > Policy.

  2. From the policy tree, select Hybrid Policy > Hybrid Policy Routing.

  3. Select a default policy.
    • Cloud Policy — The rules of your cloud policy are used by default to filter web traffic.

      This is the policy that you have created under Secure Web Gateway as part of the Security Service Edge solution.

    • On-prem Policy — The rules of your cloud policy are used by default to filter web traffic.

      This is the policy that you have created on a Secure Web Gateway appliance.

  4. Under Except for the following, enable rules that specify what is not to be handled according to the default policy.

    For each rule that is enabled, click ... (three dots) in the same line and fill entries in the list that appears. You can fill entries for:
    • Locations

    • User groups

    • Individual users

       The default policy is not applied to web traffic originating from the listed items.

       For example, if you have selected your cloud policy as default, your on-prem policy is still applied to web traffic that originates from the users in the
       user groups on your list. 

Your cloud and on-prem policies are now applied according to what you have configured here.

  • Was this article helpful?