Modify Default GenAI App Access Policy Rule to Control GenAI Access
AI Access Security

Modify the default GenAI App policy rules in Strata Cloud Manager to control GenAI App usage in your enterprise.
Where Can I Use This?
  • NGFW (Managed by Strata Cloud Manager)
  • Prisma Access (Managed by Strata Cloud Manager)
What Do I Need?
One of the following:
  • AI Access Security license
  • CASB-PA license
  • CASB-X license
Modify the Default GenAI App Policy rule in Strata Cloud Manager to control GenAI App usage in your enterprise.
  • In Strata Cloud Manager, even though you can create policy rules through Security Policies for GenAI Apps, it is recommended that you use Web Security to create policy rules efficiently.
  • It's not recommended to have both GenAI and non-GenAI apps in the same policy if the Enterprise Data Loss Prevention (E-DLP) license isn't active.
For Strata Cloud Manager, the Default Web Access Policies, like the Global Web Access and Global Catch All policy rules, are used to control outbound traffic and web applications. To control the use of GenAI applications in your enterprise with an out-of-the-box policy, use the Default GenAI App Access policy rules (under Default Web Access Policies). By default, this policy blocks all GenAI apps across your enterprise. To modify this policy:
  1. Log in to Strata Cloud Manager.
  2. Select Manage > Configuration > NGFW & Prisma Access > Security Services > Web Security and select your target Configure Scope.
  3. In the Default GenAI App Access section, click the predefined Default GenAI App Access policy rule.
    This policy controls the access to GenAI applications.
  4. Enable the Default GenAI App Access policy. It's disabled by default.
  5. Select GenAI App Access Policy and open the configuration page.
  6. In the Blocked Web Applications section, select + to add a specific Application Group, Applications, or a Custom Application Group to this list. Select X to delete existing GenAI applications from the list.
    The default list of blocked GenAI applications includes entries like GenAI Conversational Chat, GenAI Image Editor Generator, and so on.
  7. In the Allowed Web Applications section, select Add to add a specific Application Group, Applications, or a Custom Application Group to this list. Select - to delete existing GenAI applications from the list.
  8. In the Blocked URL Categories section, select + to add specific URL categories, Multi-Category URLs, or Dynamic URL Lists that cover malicious and high-risk URL categories. Select X to delete existing URLs from this list.
  9. In the Allowed URL Categories section, select + to explicitly allow URL/custom categories in your enterprise. Select X to delete existing URL categories from this list.
    You can't modify the name and description of the Default GenAI App Access policy.
  10. Save.
  11. Push Config and Push.
