How policy is applied to routes

Policy routes are processed according to the order they appear on the Manage Policy Routes page.

Content rules are also prioritized within a policy route and processed according to the order in which they are listed.

How the To and From endpoints work

Assuming that you have configured two user name lists:

Users A and Users B

You may want to set up a policy to check the traffic between the above users and the following two Internet zones:

Gambling (C)
Security Risk (D)

You then create four policy routes and define the From and To endpoints as follows:

From	To	When a traffic matches the defined From and To endpoints...
Users A	Gambling (C)	The traffic will be processed according to the policy route.
Users B	Security Risk (D)
Users A	Security Risk (D)	The policy route will not be applied to the traffic.
Users B	Gambling (C)	The policy route will not be applied to the traffic.

Example

As routes are checked from the top of the table to the bottom:

Traffic from Everyone to Trusted Sites will be allowed automatically. The content will be fetched from the site without being checked for the presence of embedded threats.
Traffic from Everyone to Security Risk will be blocked automatically. No content will be fetched from these sites and any rules on the route will not be performed. This blocking action is repeated for a number of routes.
Traffic from Everyone to Gambling will be blocked automatically. However, the route has a block page that can be overridden. This is indicated by the icon.
Traffic from Everyone to Non-Business Related will be blocked automatically. However, the route has a block page that can be overridden. This is indicated by the icon. The route also has a Time policy applied to it, limiting access to the Internet Zone, for example, only allow access during lunch periods. This is indicated by the icon.
Traffic from Everyone to Chat & Instant Messaging will be allowed automatically, providing none of the associated content rules are triggered.
All other HTTP and browser FTP traffic will be allowed, providing none of the associated content rules are triggered.

General considerations

You should remember that when a route has been satisfied the remaining routes are ignored. For example, when considering the route list as described in the above section, if traffic matches the route Everyone to Security Risks, any content rules for the route will be applied after which no further routes are processed. Therefore, when creating and positioning routes, you need to consider the following:

Routes that allow or block access to particular zones should be placed at the top of the table.
Below this, establish the most stringent acceptable use policy for allowing traffic that does not match another route.
Routes for individuals or groups that are created to exempt them from rules should be placed higher in the table.

How policy is applied to routes

How the To and From endpoints work

Example

General considerations

See also...