Identifying a Policy Route

You can determine what policy route would be applied to a particular start and end point to diagnose problems with your policy and verify that the policy works as expected.

To identify a Web policy route:

  1. From the Policy Center Home page, click Web Policy Routes. The Manage Policy Routes page is displayed, listing the defined policy routes.
  2. Click Identify.
  3. Select the From endpoint type (User name and/or IP address or Host name from the drop-down list).
  4. Enter a user name. This must be a valid User name in a Static User Name List or LDAP Synchronized User Name List. You may use wildcards according to Closedthese rules. If you are using NTLM authentication in automatic mode, you must specify the user name with the name of the domain which owns it, for example, domain\username or username@domain.xxx.
  5. If IP address is selected, enter a valid IP address. This must be a valid Machine address from a Machine List identified by IP Address. You may use wildcards according to Closedthese rules.
  6. If Host name is selected, enter a valid host name. This must be a valid Machine address from a Machine List identified by either a simple host name or a fully qualified domain name. You may use wildcards according to Closedthese rules.

     

    Wildcard characters

    Use * to represent 0 or more characters.

    Use ? to represent a single character.

     

  7. Select the To endpoint type (URL or Category) from the drop-down list.
  8. If URL is selected, enter a valid URL. This does not have to be and existing site but the URL must be constructed correctly.
  9. If Category is selected, select a category from the drop-down list.
  10. Click Identify.
  11. The matching policy route will be selected, highlighted in blue and the number of the selected route will be displayed.

 
  • LDAP Synchronized Lists might not be current when this feature is run which would affect the policy section. To resolve this issue, the LDAP lists must be synchronized using Synchronize Now as described in Creating an LDAP Synchronized User Name List.
  • Social Media routes for Facebook, Twitter, LinkedIn and YouTube are based on the URL and not categories. Therefore, they will not be identified when using the Category option.
  • When you have finished modifying your content security policy you must apply the configuration for any changes to take effect. If the Gateways are configured as a group, any group changes should be applied to each Gateway.