Policy Configuration Elements
A web security policy is implemented on Secure Web Gateway, which includes various rules. When a situation arises where a rule applies, this rule performs an action. For example, when a user attempts to download a virus-infected web object, a rule blocks this attempt. For more information about this process, see Filtering Process.
You configure a web security policy by modifying its rules in a way that meets the requirements of your organization. You can also create rules or delete them.
When modifying or creating rules, you are dealing with them on different levels. A rule includes various rule elements. It is itself included in a set of rules. So, when dealing with rules, you are dealing with a complete rule, or with one or more of its elements, or with its rule set.
Rule sets — Rules are grouped in rule sets, each of which usually covers a particular field of web security, such as anti-malware filtering, URL filtering, media type filtering, and others.
A default system of rule sets is implemented on Secure Web Gateway during the initial setup. For more information, see Default Rule Set System.
You can enable or disable these rule sets for on-premise and for cloud use, move, copy, and delete them, modify their rules, import rule sets from a built-in or an online library, and create rule sets of your own.
On the user interface, two different views are usually provided of a rule set, where you can complete these configuration activities. One view is for key activities that are often performed. The other is for more complex activities. For more information, see Rule Set Views.
Rules — You can enable and disable individual rules, move, copy and paste them, delete them, and create rules of your own. Individual rules are usually configured in the more complex view.
Rule elements — As default rules are already implemented on Secure Web Gateway, you will usually configure individual elements of rules rather than creating completely new rules. The following are rule elements that you might deal with more often.
Lists — Lists of web objects are used within rules, for example, to make sure that access to these objects is not impeded by a particular blocking rule. For more information, see About Lists.
Properties — Every rule contains at least one property. A property in a rule on Secure Web Gateway is usually a property of a web object, for example, being infected by malware, or an entity that is related to a web object, for example, a user who requests access to it.
The property of being infected by malware is named Antimalware.Infected on Secure Web Gateway. If this property has the value true for a web object that access is requested to, a rule that includes this property blocks the request and, consequently, denies the user access to this web object.
There is also a list of properties that have recently been introduced, see List of Recently Introduced Properties.
Module settings — Values for properties are found by modules of the filtering process on Secure Web Gateway. These modules are also known as filters or engines. You can configure settings for these modules to let them complete their jobs in different ways.
For example, to find out whether the value of the Antimalware.Infected property is true for a requested web object, the object must be scanned for infections. This part of the anti-malware filtering process is handled by the Anti-Malware module.
By configuring settings for this module, you can, for example, involve the Gateway Anti-Malware engine in the scanning process combined with additional scanning by Advanced Threat Defense.
For working with lists and module settings, you can use both rule set views that are provided on Secure Web Gateway. Properties can only be configured in the more complex view.