Scoping policy to specific traffic You can limit the scope of each rule set by selecting and configuring criteria such as Location, Client IP, and User Groups. For example, you can select a location named Europe that you define during setup and specific that a rule set only applies to web traffic inside that region. By default, the rules in the rule sets apply to all web traffic. You can limit the scope of each rule set by configuring the following criteria: Client IP - IP address of the endpoint. Connection IP - IP address of the firewall or other device between your organization's network and the cloud (your public IP address). Location - Any location name defined in the web policy. User Group - Groups that the user making the web request is a member. User Name - Name of the user making the web request.