List Types
Web security rules on Web Gateway use several types of lists for retrieving information about web objects and users.
The following are the main list types:
- Custom lists — You can modify these lists. They are displayed on the upper branch of the lists tree on the Lists tab, for example, the list of URLs that are exempted from filtering.
Custom lists can have entries in string, number, category, and other formats. Lists with different formats can require different methods of maintaining them. Some custom lists are initially empty and must have their entries filled by you.
To the custom lists that Web Gateway provides after the initial setup, you can add lists that you create on your own.
-
System lists — You cannot modify most of these lists. They are displayed on the lower branch of the lists tree on the Lists tab.
System lists include category, media type, and application name lists, as well as lists of connectors used for cloud single sign-on. They are updated when an upgrade to a new version of Web Gateway is performed.
The list of custom connectors is an exception among system lists, as you can change this list by adding connectors to it that you have configured on your own.
System lists for Data Loss Prevention (DLP), application filtering, and the Dynamic Content Classifier can be included in automatic updates that you schedule.
The user listUpdate is used internally for automatically updating the system lists mentioned above. The user listUpdate logins to the UI
as per the schedule and logs out after updating the lists. This user is limited to localhost and cannot be used for UI login or perform any other administrative activities.
- Inline lists — You can modify these lists, but they do not appear on the Lists tab. They appear inline as part of the settings for a configuration item, for example, a list of HTTP ports as part of the proxy settings.
- Subscribed lists — You set up these lists with a name on Web Gateway. They are initially empty and have their content retrieved from a data source that you subscribe to. Subscribed lists are displayed on the lists tree at the end of the custom lists.
There are two subtypes of subscribed lists:- Skyhigh Security-supplied lists — Content for these lists is retrieved from a Skyhigh Security server.
A number of lists are available on the Skyhigh Security server, for example, lists of IP address ranges or media types. - Customer-maintained lists — Content for these lists is retrieved from a data source that you specify.
Sources that you can specify are files on web servers running under HTTP, HTTPS, or FTP.
- Skyhigh Security-supplied lists — Content for these lists is retrieved from a Skyhigh Security server.
List content is retrieved from the respective servers. To ensure that newer versions of this content are transferred to your lists on Web Gateway, you can perform updates manually or configure automatic updates.
- External lists — These lists reside on external sources under their own names. They have their content transferred to Web Gateway, where they provide the value of a property in a rule.
External list content is transferred during runtime, which means it is retrieved when the rule with the external list property is processed.
When the content has been retrieved, it is cached and reused until its date of expiration, which you can configure. After expiration, the transfer is repeated when the rule is processed again.
Sources that content can be retrieved from include files on web servers running under HTTP, HTTPS, FTP, or LDAP, and in particular types of databases. They also include files that are stored within your local file system.
- Map type lists — These lists store pairs of keys and values that are mapped to each other. You can create map type lists and fill list entries on Web Gateway, or retrieve them as subscribed or external lists from other sources.
Keys and values on map type lists are initially stored in string format, but can be converted into different formats using suitable properties in rules.
- Common Catalog lists — These lists can be pushed from a Trellix ePO server to Web Gateway.
Common Catalog lists can have entries in IP address, domain name, string, or wildcard expression format. They are maintained on the Trellix ePO server.