Network Security
Internet Security: Central Settings
Table of Contents
Internet Security: Central Settings
Internet Access settings are centrally captured for a given scope under
| Where Can I Use This? | What Do I Need? |
|---|---|
|
|
You may customize your own internet security settings for protection from specific
threats and vulnerabilities. Unless explicitly disabled, security settings apply
globally to all allowed internet traffic. This means there’s no need to apply security
settings to individual policies.
You can access the Internet Access settings from , and the select Security Settings tab.
Threat Management
Automatically inspect and prevent threats for all Internet Access rules at multiple
attack vectors.
| Vulnerability Protection | Detect system flaws that attackers can exploit. |
| WildFire & Malware Protection | Protect against never-before-seen, file-based threats. Prevent viruses from entering your network. |
| Country Block Setting | Add regions you want to block for each Source and Destination. You can editing predefined external dynamic lists, for example, to allow specific domains or URLs within a blocked region when necessary. To do this, go to and make the appropriate changes. |
| Detect Command and Control | Detect command-and-control (C2) activity. |
| Application Exceptions | Exclude these applications from threat inspection. |
| Advanced URL inline Categorization | Enable inline machine learning to analyze and manage URL exceptions in real-time: |
DNS Security
Analyze DNS requests in real-time, to protect against malware using DNS for C2 and
data theft.
| DNS Categories | Specify the DNS action for each threat category. |
| DNS Sinkhole Settings | Specify IPv4 and IPv6 sinkhole addresses for endpoints. |
| Domain Exceptions | Exclude specific domains analysis. |
Decryption
Stop hidden threats for all Internet Access rules by getting visibility into
encrypted traffic.
| Global Decryption Exclusions | Bypass certain URL categories and add custom exclusions from SSL decryption. |
| Handshake Settings | Specify the lowest and highest supported versions of SSL and TLS to be used for SSL connections. Also, specify algorithms to be used for key exchange, encryption, and authentication. |
| Bypass & Logging Settings | Choose whether to log successful and unsuccessful TLS Handshakes. |
| Actions Options |
Choose to allow or block the sessions when decryption fails or
other conditions are met.
|
File Control
Take action when certain types of files enter your network.
| File Types | Block or allow uploads or downloads of certain file
types, or choose to be alerted when certain file types are uploaded
or downloaded. Actions available uploads and downloads are:
|