Work with Rules and Rule Sets

Last updated
Save as PDF

A web security policy is implemented on Secure Web Gateway, which includes various rules. When a situation arises where a rule applies, it performs an action. You can configure this policy by modifying its rules to adapt them to the needs of your organization.

To configure a web security policy, you modify its rules, dealing with them on different levels. A rule consists of various rule elements. It is included in a set of rules. So, when dealing with a rule, you are dealing with a complete rule, or with one or more of its elements, or with its rule set.

For reference information about individual rule sets, see Secure Web Gateway Rule Sets.

Access a Rule Set

Access a rule set on the user interface of Secure Web Gateway to work with its rules and their elements.

Task

Select Policy | Rule Sets.
The Rule Sets tab appears showing the rule sets that are implemented in the navigation pane.
Click the rule set that you want to access.
A view of the rule set appears in the configuration pane.

You can now work with the rules and rule elements of the rule set.

Enable a Rule Set for Cloud Use

You can enable a rule set for cloud use.

Task

Select Policy | Rule Sets.
On the rule sets tree, navigate to the rule set you want to enable for cloud use and select it.
A view of the rule set is shown in the configuration pane.
Click Enable in cloud to make this rule set available for cloud use.
Click Save Changes.

The rules in this rule set are now also used to filter traffic that occurs when cloud users access the web.

Configure a Key Rule element

Configure a key element of a web security rule.

NOTE: This task is a sample task that shows how to complete this configuration procedure.

A URL is entered into a URL allowlist. This allowlist is a key element of a rule in the default URL Filtering rule set.

When a request for access to a web object is received on Secure Web Gateway, the rule lets the request skip URL filtering if the URL that is submitted with the request is on the allowlist. This reduces filtering effort and time for requests to access "allowed" web objects.

The URL entry in the sample is https://www.skyhighsecurity.com/*. Due to the wildcard element (*), all requests with URLs that match this entry, for example, https://www.skyhighsecurity.com/en-us/products/secure-web-gateway.html, will skip URL filtering.

Task

Select Policy | Rule Sets.
On the rule sets tree, select the URL Filtering rule set.
Key elements of the rules in this rule set appear in the configuration pane.
Under Basic Filtering, click Edit next to URL Allowlist.
The Edit List window opens.
Enter a URL into the allowlist.
1. Under List content, click the Add icon.
  The Add Wildcard Expression window opens.
2. In the Wildcard Expression field, type https://www.skyhighsecurity.com/*.
3. Click OK.
  The Add Wildcard Expression window closes, and the URL appears in the list of the Edit List window.
Click OK.
The Edit List window closes.
Click Save Changes.

Configure a Rule Element in the Complete Rules View

The following is a sample task for configuring an element of a web security rule in the complete rules view.

A URL is entered into a URL allowlist. This allowlist is an element of a rule in the default URL Filtering rule set. The steps for accomplishing this are almost the same as for completing this task in the key elements view. Only the way the URL allowlist is accessed is different.

When a request for access to a web object is received on Secure Web Gateway, a rule lets the request skip URL filtering if the URL that is submitted with the request is on the allowlist. This reduces filtering effort and time for requests to access "allowed" web objects.

Task

Select Policy | Rule Sets.
On the rule sets tree, select the URL Filtering rule set.
Key elements of the rules in this rule set appear in the configuration pane.
Click Unlock View to leave the key elements view.
A message asks you to confirm that you want to leave the key elements view, and also warns you that you cannot return to this view.
Click Yes.
The complete rules view appears.
In the rule Allow URLs that match in URL Allowlist, click URL Allowlist.
The Edit List window opens.
Enter a URL into the allowlist.
1. Under List content, click the Add icon.
  The Add Wildcard Expression window opens.
2. In the Wildcard Expression field, type, for example, https://www.skyhighsecurity.com/*
3. Click OK.
  The Add Wildcard Expression window closes, and the URL appears in the list of the Edit List window.
Click OK.
The Edit List window closes.
Click Save Changes.

Import a Rule Set

You can import a rule set from the library into your rule set system.

Task

Select Policy | Rule Sets.
On the rule sets tree, navigate to the position where you want to insert the new rule set.
From the Add drop-down list, select Rule Set from Library.
A window with a list of the library rule sets opens.
Select the rule set you want to import, for example, the Gateway Antimalware rule set.
If conflicts arise when importing this rule set, they are displayed in the window.

IMPORTANT: Conflicts arise when a rule set uses configuration objects, such as lists or settings, that already exist in your rule set system.

Use one of the following methods to solve conflicts:
- Click Auto-Solve Conflicts and choose one of the following strategies for all conflicts:
  - Solve by referring to the existing objects — If rules of the imported rule set refer to objects existing in the appliance configuration under the same names, references are made to apply to these existing objects.
  - Solve by copying and renaming to suggested — If rules of the imported rule set refer to objects existing in the appliance configuration under the same names, these objects are also used, but are renamed, so as to avoid conflicts.
- Click the listed conflicts one after another and solve them individually by choosing either of the two above strategies each time.
Click OK.
The rule set is inserted in the rule sets tree. It is enabled by default.
List and settings that the rule set needs to perform its filtering job are implemented with the rule set and can be viewed on the lists and settings trees.
If necessary, use the blue arrows above the rule sets tree, to move the rule set to where you want it to be.
Click Save Changes.

Create a Rule Set

You can create a rule set and add it to your configuration.

Task

Select Policy | Rule Sets.
On the rule sets tree, navigate to the position where you want to insert the new rule set.
Click Add above the rule sets tree.
A drop-down list opens.
Select Rule Set.
The Add New Rule Set window opens.
Configure the following general settings for the rule set:
- Name — Name of the rule set
- Enable — When selected, the rule set is enabled.
- Enable in cloud — When selected, the rule set is also enabled for cloud use.
- [Optional] Comment — Plain-text comment on the rule set
In the Applies to section, configure the processing cycles. You can select only one cycle, or any combination of these three:
- Requests — The rule set is processed when requests from the users of your network are received on the appliance.
- Responses — The rule set is processed when responses from web servers are received.
- Embedded objects — The rule set is processed for embedded objects sent with requests and responses.
In the Apply this rule set section, configure when the rule set is applied:
- Always — The rule set is always applied.
- If the following criteria is matched — The rule set is applied if the criteria configured below is matched.
In the Criteria section, click Add.
The Add Criteria window opens.
In the Property area, use the following items to configure a property:
- Property — List for selecting a property (property types shown in brackets)
- Search — Opens the Property Search window to let you search for a property.
- Parameter — Opens the Property Parameters window for adding up to three parameters, see Step 10.
  The icon is grayed out if the property has no parameters.
- Settings — List for selecting the settings of the module that delivers a value for the property (module names shown in brackets)
  The icon is grayed out if no settings are required for the property and (not needed) is added.
- Add (String, Boolean, or numerical) — Configure it in the Value area. Then click OK.
- Edit — Opens the Edit Settings window for editing the selected settings.
  If no parameters need to be configured for the property, click OK and continue with Step 11.
If you need to add property parameters:
1. Click Parameter.
  The Property Parameters window opens.
2. Add as many parameters as needed.
  A parameter can be a:
  - Value (String, Boolean, or numerical) — Configure it in the Value area. Then click OK.
  - Property — Follow the instructions for editing properties, beginning with Step 4.
From the Operator list, select an operator.
In the Parameter area, add a parameter (also known as operand).
This can be a:
- Value (String, Boolean, or numerical) — Configure it in the Value area.
- Property — Follow the instructions for editing properties, beginning with Step 4.
Click OK to close the Add Criteria window.
[Optional] Click the Permissions tab and configure who is allowed to access the new rule set.
Click OK. to close the Add New Rule Set window.
The Add New Rule Set window closes and the rule set is inserted into your rule set system.
Click Save Changes.

Restrict Access to a Rule Set

To restrict access to a rule set, complete the following procedure.

Task

Select Policy | Rule Sets (or Lists or Settings).
On the tree structure, navigate to the position where you want to add the new item.
Click Add above the tree structure.
An Add window opens.
Complete the steps for adding a new item. Then click the Permissions tab.
Three modes of access can be configured: Read and Write, Read, and No Access.
Click Add under the Read and Write pane.
The Add Role or User window opens.
Select a role or a user (or more than one of each type at once) from the list in the corresponding pane. Or type a wildcard expression as the name of a role or user in the Wildcard field.
Add as many entries to the Read and Write list as needed.
Use the Delete button under the pane to delete entries
Fill the Read and No Access panes in the same way.
Use the radio buttons under All other roles have to configure access for all roles and users that are not included in one of the lists on the tab.
Click OK to close the window.
Click Save Changes.

Restrict Access to Configuration Items

When creating rule sets, lists, or settings, or working with existing ones, you can restrict access to them.

Task

Select Policy | Rule Sets (or Lists or Settings).
On the tree structure, navigate to the position where you want to add the new item.
Click Add above the tree structure.
An Add window opens.
Complete the steps for adding a new item. Then click the Permissions tab.
Three modes of access can be configured: Read and Write, Read, and No Access.
Click Add under the Read and Write pane.
The Add Role or User window opens.
Select a role or a user (or more than one of each type at once) from the list in the corresponding pane. Or type a wildcard expression as the name of a role or user in the Wildcard field.
Add as many entries to the Read and Write list as needed.
Use the Delete button under the pane to delete entries
Fill the Read and No Access panes in the same way.
Use the radio buttons under All other roles have to configure access for all roles and users that are not included in one of the lists on the tab.
Click OK to close the window.
Click Save Changes.