Overview
You define your content security policy from the Policy menu. The content security policy determines the content that is allowed to flow between websites and your organization, and it comprises a number of combined components. You create this policy by adding content rules and other policy references to Web Policy Routes. Web Policy Routes defines traffic between two points. The first point identifies entities within your organization by using policy references, such as User Name Lists and Machine Lists. The second point identifies groups of websites known as Internet Zones, which is another policy reference in Secure Web Gateway.
When data flows through the
In addition to Web Policy Routes, you can configure Global Web Policy and HTTPS Policy.
|
When you peer Secure Web Gateway with other types of Gateways, you will see features in one that are only supported in the other. For more information, see Peer Gateways. |
Content security policy FAQ
-
Why do I
need to apply my policy?
Secure Web Gateway does not act on changes to its policy or settings, until an administrator applies the configuration. Having to apply the configuration means that there is control in the change process. It also ensures that changes to the configuration are audited.
-
How should I prioritize my content rules?
Content rules are applied in the numbered order displayed on the policy route. You should typically use more specific content rules later in the list.
-
When does a content rule trigger, and what effect does this have?
A content rule triggers if the
If one or more content rules are triggered, Secure Web Gateway performs the rules' What To Do? actions on the
The priority of the content rules is determined by the order in which they are listed in the policy route. -
The
With some additional actions, such as Generate An Inform, you can specify that Secure Web Gateway should perform the additional action only if the rule's
-
-
Why does a policy route need a default action?
Secure Web Gateway uses the default action for web content on a route that does not trigger any of the content rules.
-
What is the difference between What To Do? action,
What To Do? consists of Priary Action and What Else To Do? action. Primary Action specifies how the web content is handled. For example, whether it is allowed or blocked. What Else To Do? action is a subsequent step after the Primary Action has been applied. For example, you might Generate An Inform.