Web Security: Web Access Policy (Cloud Management)

Web Security Admins can customize and create web access policies. If you haven’t yet been assigned the role of Web Security Admin, you should talk to your Account Administrator.
Once you’re Web Security Admin, follow these steps to get started with Web Access Policy.
  1. Enable Web Security to turn on the Web Security view.
    Select
    Manage
    Service Setup
    Overview
    , and then go to the
    Web Security
    panel and select
    Enable
    .
  2. Select
    Manage
    Web Security
    Web Access Policy
    , and then select
    Add Policy
    .
    Here, you can view and customize your web access policies. To create a new policy, select
    Add Policy
    .
  3. Use this table to guide you as you put together your policy.
    Web access policies are enforced from top to bottom. Blocked applications and URLs always supersede applications or URLs that you allow.
    Decide:
    Action to take:
    What's the purpose of this policy
    Give your policy a name. Optionally, you can add a description, tags, and a schedule for your policy. Giving your policy a descriptive name and a meaningful description of its purpose makes it easier to manage later on not just for you, but for other admins as well. Tags can help you group policies with similar characteristics. Schedules can help you manage policies that need to be enforced at regular intervals.
    Where and for whom your policy is enforced
    In the
    Source
    section, define traffic to enforce based on its source.
    Location
    - Enforce web traffic based on where it originates. You can add locations by address, groups of addresses, and geographical region.
    Users
    - Add users and groups of users whom your policy affects.
    Advanced Settings
    - You can enforce traffic based on the deployment type:
    • All
    • GlobalProtect
    • Explicit Proxy
    • Remote Networks
    Device
    - Add a device posture profile to use device state information such as whether a device is jailbroken for policy enforcement.
    What gets blocked
    In the
    Blocked Web Applications
    and
    Blocked URL Categories
    sections, add applications and URL categories to block - Focus on unsanctioned and risky applications that do not have legitimate use in your network and malicious websites.
    What’s allowed
    In the
    Allowed Web Applications
    and
    Allowed URL Categories
    sections, add sanctioned applications and URL categories to explicitly allow for enterprise use. You can even restrict access to certain features within an allowed application. For example, you may want to allow Gmail, but block access to chat or calls within Gmail.
  4. Review the following:
  5. Select
    Push Config
    at the top right corner of your screen.
    A
    Push
    window opens.
  6. Enter a description if you’d like, and then select
    Push
    to push your new policy and settings to the cloud for enforcement.
    If you’re an Account, App, or Instance admin, the
    Push
    window you see may look like the second image above. Just be sure to select the checkbox for
    Web Security
    , and then select
    Push
    .

Recommended For You