Manage Policy Routes page
The Manage Policy Routes page enables you to create and manage policy routes and to apply content rules to them.
Tell me about...
- Defined Policy Routes
The Routes Defined area lists all the currently defined policy routes. The order in which the policy routes are listed determines their relative priority.
Secure ICAP Gateway attempts to match the connection with the From and To endpoints defined by the policy routes. If a match is detected, traffic is directed by the first enabled matching policy route in the list.
- Policy route symbols
Symbol Description
Default action is Allow
Default action is Block
Policy route incomplete or incorrectly configured.
- Enabled/Disabled Policy Routes
Policy routes must be enabled to detect and match traffic. Secure ICAP Gateway does not apply content security policy to messages on disabled routes.
or
indicates that the route is currently enabled.
or
indicates that the route is currently disabled.
- Content Rules and Policy Routes
Content rules are applied to policy routes and are given a priority order on each route. It is possible that a detected connection could match more than one content rule on a policy route.
Content rules are always applied in the order of priority displayed on the route.
You can color-code your policy routes by applying a color label. See Applying a Color Label to a Policy Route.
- Route Selectors
Route selectors enable you to apply a policy route to specific combinations of users and multiple websites. This means that you can consolidate complex policies into fewer routes, without having to apply them multiple times.
For example, a route selector can specify that the policy applies only to a connection from anybody in User List 1 to Internet Zone 2.
A route selector is the combination of From and To endpoints that defines how the policy route should be applied between those endpoints.
Example:
You have configured two lists of users that you want to apply policy for:
- UserListA (A)
- UserListB (B)
You then create a policy route that Secure ICAP Gateway will apply if the following route selectors are matched:
- From UserListA To Gambling (C)
- From UserListB To Security Risk (D)
If the following route selectors are matched, Secure ICAP Gateway will not apply this policy:
- From UserListA To Security Risk (D)
- From UserListB To Gambling (C)
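The matching behavior described above, modeled as an added Python example (not the product's code and not part of the original page): the first enabled route with a matching From/To selector handles the connection, and selectors are pairs, not a cross product. The route names, the set-based membership model and the None result for an unmatched connection are assumptions; shadowed_selectors is a hypothetical review helper that goes beyond the text by flagging selectors an earlier enabled route already claims.

```python
from dataclasses import dataclass, field

@dataclass
class PolicyRoute:
    name: str                      # hypothetical route name
    enabled: bool = True
    # Each selector is one (From, To) pair; pairs are never cross-combined.
    selectors: list = field(default_factory=list)

    def matches(self, user_lists, zones):
        """True if any (From, To) selector fits the connection's endpoints."""
        return any(f in user_lists and t in zones for f, t in self.selectors)

def select_route(routes, user_lists, zones):
    """First enabled matching route wins; list order is the priority."""
    for route in routes:
        if route.enabled and route.matches(user_lists, zones):
            return route
    return None  # assumption: the page does not describe the no-match case

def shadowed_selectors(routes):
    """Selectors that repeat one on an earlier enabled route and so never decide."""
    seen, findings = {}, []
    for route in routes:
        if not route.enabled:
            continue  # disabled routes neither match traffic nor shadow others
        for sel in route.selectors:
            if sel in seen:
                findings.append((route.name, sel, seen[sel]))
            else:
                seen[sel] = route.name
    return findings

# Constructed sample policy; the first route is the example from the text.
ROUTES = [
    PolicyRoute("Restricted browsing", True,
                [("UserListA", "Gambling"), ("UserListB", "Security Risk")]),
    PolicyRoute("Draft", False, [("UserListA", "Security Risk")]),
    PolicyRoute("Catch-up", True,
                [("UserListB", "Security Risk"), ("UserListB", "Gambling")]),
]

if __name__ == "__main__":
    for users, zones in [({"UserListA"}, {"Gambling"}),
                         ({"UserListA"}, {"Security Risk"}),
                         ({"UserListB"}, {"Gambling"})]:
        hit = select_route(ROUTES, users, zones)
        print(sorted(users), "->", sorted(zones), ":", hit.name if hit else "no route")
    print("shadowed:", shadowed_selectors(ROUTES))
```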
How do I...
- View or edit the content rules applied to a policy route?
View the content rules on any selected policy route by clicking the Show rules check box.
- Select a policy route.
- Click Edit. The Modify Policy Route page is displayed. Content rules are displayed in priority order in the Unless One of These Content Rules Triggers section.
- Select a content rule. Click Edit to change the behavior of the rule, or click New to add a new rule to the policy route.
Changing the behavior of a content rule will affect every policy route to which that rule has been applied.
- View or edit the route selectors applied to a policy route?
View the route selectors on any selected policy route by clicking the Show Route Selectors check box.
- Select a policy route.
- Click Edit. The Modify Policy Route page is displayed. Route selectors are displayed in the For Mail Sent section.
- Select a route selector. Click Edit to change the behavior of the rule, or click New to add a new route selector to the policy route.
- Print a policy route?
You can display a list of your policy routes, with all content rules that have been applied to them, on a single printable web page. This can be useful when you are establishing your security policy and want to review the policy routes.
Click Show printable version in the task panel.
See Printing Policy Routes for more information.
- Apply advanced settings?
The Advanced Settings option in the task panel enables you to set the content rule(s) to be applied if Secure ICAP Gateway finds an issue with badly formatted data or a cryptographic failure.
By default, the following rules are applied:
- Processing of request or response fails (Global)
- Detect Malformed Data
If you have created other content rules based on the 'Message Processing Fails' or 'Processing of Request or Response fails' content rule template, respectively, you can select one of them instead.