:::::Web filter policies:::::
(policy enteries can be moved up and down to set the sequence and priority, as they are read from top to bottom)
(changing anything in the web filter, does not require restart of proxy)
1.Manage Policy:
2.Policy Wizard:
(first 4 steps are building the policies using the objects that we defined)
1.who:(users and groups)(you can select just one user aswell)
2.what: (category groups or user defined groups)(category groups/individual categories/swurls lists) (content modification categories are not used here)
3.where (location)(IPs, ranges of IP or subnet)
4.when (time rules to activate policy at specific times)
5.action:
block:
allow:
whitelist: (content modification is not performed on whitelisted)(software updates, iTunes or SSL/CRL whitelisting)
soft block: (will allow after pressing the continue button)
limit to quota: (specific mins or hours of usage/pre-defined time-slice)
create a policy folder:
who: network admin
what: blank
where: everywhere
when: always
action: create policy folder
(then click on the folder symbol in policies, but we can not change the who step as it has already been set)
(the policy will then have another policy embedded in it)
3.When designing a policy:
1.blocked polices first
2.then allow and whitelisted can be used to override unintented blocks
(it is advisable that allowed and whitelists are used as certain exceptions and not whole categories)
(but categories like Software Updates is used as a whole in a whitelist)
(software updates should go through the filter with no issues)
e.g:
whitelist software updates category for all
whitelist no authentication category for all
banned users group blocked everything
custom allowed content category for all (builtin category)(for quick allow section in guardian)
allows network administrators to download exe file types
core blocked content category group blocked for all
custom blocked content category group blocked for all (builtin category)(quick block)
4.Logs and reports » Realtime » System:
(will show you a message that web filter has received a reload signal is reloading the dynamic configuration)
5.Guardian » Web filter » Location blocking:
(to quickly and completely block a location)
6.Guardian » Web filter » Exceptions:
1.(to bypass the web proxy for specific devices i.e. src/dst IPs)
(i.e. will not be transparently intercepted by the web proxy)
2.(any IP address entered here will use port 801, thus will proxy the request, but will not authenticate or filter the request)
(to tshoot application on an IP if authentication or filtering issues)
(if the application from that IP works fine, then the issue will be authentication or filtering issue)
(A source exception IP, using a non-transparent connection, will have unfiltered access to the Internet if configured to use port 801. A source exception IP going through an interface where transparent proxy is enabled will not have outgoing HTTP or HTTPS traffic redirected to the proxy.)
Network and CyberSecurity Professional 