| Protect | 136
Web
Use the web protection settings to identify and block the latest web threats. These settings let you control traffic and protect against threats and inappropriate web usage. Exceptions let you override settings as required for your business needs.
Policies
With policies, you can control traffic using rules and advanced settings. The default set of policies describes some common restrictions.
Figure 142: Policies
Rules
Rules specify the following criteria:
• Users to whom the rule applies. These include groups and individual users.
• Activities that describe the type of usage to restrict. These include user activities, categories, URL groups, file types, and dynamic categories.
• An action to take when the firewall encounters traffic that matches the rule criteria.
The firewall evaluates rules from highest to lowest. For example, if a rule that allows all traffic precedes a rule that restricts a specific type of traffic, the allow rule takes precedence and the subsequent rule is ignored.
Figure 143: Rules
Migrating Policies from Previous Releases
This release supports up to 128 rules in a single policy. If you are migrating policies from a previous release that contain more than 128 rules, only the first 128 rules will be used.
Web policy rules now support combined activities. These include user activities, categories, URL groups, file types, and dynamic categories. To maintain the overall functionality of the policy, replace blocks of adjacent rules for different activities with a single rule that contains a group of activities. Please delete or consolidate rules as required.
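The following Python code is an added example, not part of the product or its documentation. It uses a hypothetical Rule model (names compared literally; group membership and schedules are not modeled) to flag rules that an earlier, broader rule hides under highest-to-lowest evaluation, and to consolidate adjacent rules that share users and action before the 128-rule limit is applied.

```python
from dataclasses import dataclass

MAX_RULES = 128  # per-policy limit stated above

@dataclass(frozen=True)
class Rule:  # hypothetical model, not a firewall export format
    users: frozenset       # names; "Anybody" matches every user
    activities: frozenset  # names; "All Web Traffic" matches everything
    action: str            # "Allow", "Warn" or "Block"

def covers(outer, inner, wildcard):
    """True if every item matched by `inner` is also matched by `outer`."""
    return wildcard in outer or (wildcard not in inner and inner <= outer)

def shadowed(rules):
    """Indexes of rules a single earlier rule fully covers, so they never match."""
    return [i for i, r in enumerate(rules)
            if any(covers(p.users, r.users, "Anybody") and
                   covers(p.activities, r.activities, "All Web Traffic")
                   for p in rules[:i])]

def consolidate(rules):
    """Merge adjacent rules that share users and action into one combined rule."""
    merged = []
    for r in rules:
        last = merged[-1] if merged else None
        if last and last.users == r.users and last.action == r.action:
            merged[-1] = Rule(r.users, last.activities | r.activities, r.action)
        else:
            merged.append(r)
    return merged

def migrate(rules):
    """Consolidate, then split into (rules kept, rules past the 128 limit)."""
    merged = consolidate(rules)
    return merged[:MAX_RULES], merged[MAX_RULES:]

if __name__ == "__main__":
    staff, anybody = frozenset({"Staff"}), frozenset({"Anybody"})
    policy = [  # constructed sample policy, highest rule first
        Rule(staff, frozenset({"Gambling"}), "Block"),
        Rule(staff, frozenset({"Weapons"}), "Block"),
        Rule(anybody, frozenset({"All Web Traffic"}), "Allow"),
        Rule(staff, frozenset({"Executable Files"}), "Block"),
    ]
    print("never evaluated:", shadowed(policy))
    kept, dropped = migrate(policy)
    print(len(kept), "rules kept,", len(dropped), "dropped")
```

Merging only adjacent rules with identical users and action keeps the first-match result unchanged, because no other rule sits between them to intercept traffic.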
Add Policy
1. Go to Protect > Web > Policies and click Add Policy.
2. Type a name.
3. Click Add Rule.
Tip: To use an existing rule as a template, click the Clone button.
The firewall creates a default rule that blocks all web traffic for all users. The default rule is disabled.
Figure 144: Add Rule
4. Specify users.
a) In the new rule, move the pointer over the users field, click on the user, and then click Add New Item.
b) Clear the Anybody check box.
c) Select users.
Tip: You can filter the type of users to display by clicking Show Only and selecting a user type.
d) Click Apply selected items.
Figure 145: Select Users
5. Specify activities.
These include user activities, categories, URL groups, file types, and dynamic categories.
a) Move the pointer over the activities field and click Add New Item.
b) Clear the All Web Traffic check box.
c) Select activities.
Tip: You can filter the type of activities to display by clicking Show Only and selecting an activity type.
d) Click Apply selected items.
6. In the Action field, specify an action to take when the firewall encounters HTTP traffic that matches the selected criteria.
Select from the following options (where permitted by the action type):
Options
• Allow
• Warn
• Block
7. (Optional) Specify an action to take when the firewall encounters HTTPS traffic that matches the selected criteria.
Note: Follow these steps only if you want to specify an action for HTTPS traffic that is different from the one you specified for HTTP.
a) Move the pointer to the right of the Action list.
The firewall displays the HTTPS Use Action action list.
Figure 146: HTTPS Use Action
b) Select an option.
HTTPS Use Action
• Use Action: Select this option to use the same action that is currently in effect for HTTP traffic. If you specify a different HTTP action at a later time, HTTPS action will also use that action.
• Allow: Always allow HTTPS traffic that matches the selected criteria.
• Warn: Always display a warning message when encountering HTTPS traffic that matches the selected criteria.
• Block: Always block HTTPS traffic that matches the selected criteria.
8. Move the pointer over the Constraints field and select a schedule.
Tip: You can create a new schedule by clicking Create new and specifying criteria.