You can create a policy route to extend your content security policy. Policy routes determine how your policy is applied to your network. For example, in Secure ICAP Gateway, you might want to prevent all users within your organization from accessing 'Security Risk' sites. In this case, you require a Web policy rout which connects 'Everyone' to 'Security Risk' with the default action, 'Block'.
Create a Web Policy Route
| Before you create a policy route, you need to create Policy References, such as User Name Lists, Machine Lists and Internet Zones for users, client machines, as well as the groups of URLs on the Internet that are part of the route. For example, you might want to create a machine list for a particular department within your organization. You can then create a policy route that references this list. |
-
Navigate to Policy > Manage Policy Definition > Web Policy Routes. The Manage Policy Routes page is displayed.
-
Click
New. The Add a New Route dialog is displayed, listing the types of policy route. -
Select Web and click Add. The Modify Policy Route page is displayed.
-
In the Overview panel, click Click here to change these settings. Edit the Name and Notes of the policy route as required, and click Save.
-
In the Traffic panel, click
New to define the From and To endpoints. The Add Route Selector dialog is displayed. For the From endpoint, select the user name list(s) or machine list(s). For the To endpoint, select the Internet zones. Click Add.The policy route from 'Everyone' to 'Trusted Sites' is used to categorize automatic update servers used by, for example, Microsoft.
Disabling this route can cause any automatic updates to fail. It is recommended that you do not disable this route.
You can use an option in the task panel to create a new user name list, machine list or an Internet zone.
If required, you can add multiple route selectors for one endpoint. For example, you can select two machine lists for the From endpoint.
-
In the By Default Perform This Action panel, click Click here to change these settings to configure the default action. Select an action from the drop-down menu and click Save.
You can also specify a block page to use with the selected action.
-
Apply content rules to the policy route. In the Unless One Of These Content Rules Triggers panel, click
New to add a content rule. -
If required, change the order of the content rules. Content rules are prioritized within a policy route and processed according to the order in which they are listed. This means that the order determines which action is performed primarily when a traffic triggers more than one content rule.
Select the content rule and adjust its order, using
and 
. -
Apply the configuration.
Edit a Web Policy Route
| Changing the behavior of a content rule will affect every policy route to which that rule has been applied. |
-
Navigate to Policy > Manage Policy Definition > Web Policy Routes. The Manage Policy Routes page is displayed.
-
Select the policy route you wish to modify and click
Edit. The Modify Policy Route page is displayed. -
Modify the Overview, Traffic, By Default Perform This Action and Unless One Of These Content Rules Triggers panels as required. Click Save on each panel to save your changes.
-
Apply the configuration.
Delete a Web Policy Route
| This procedure permanently removes the policy route. To temporarily stop using a route, you can disable it. See Disable or enable a policy route for more information. |
-
Navigate to Policy > Manage Policy Definition > Web Policy Routes. The Manage Policy Routes page is displayed.
-
From the list of defined policy routes, select the route you wish to delete and click
Delete. -
Click Yes in the Confirm Delete dialog to confirm the removal.
-
Apply the configuration.
|
If you change any configuration or policy settings, you must Apply Configuration for the new settings to take effect. You can do this either from the Changes Made panel, or System > Configuration > Apply Configuration. See Apply new configuration for more information. If you use |