Policy configuration

To protect your network against threats arising from the web, Web Gateway enforces a web security policy, which is implemented during the initial setup. You can configure this policy later on to adapt it to the needs of your organization.

When performing this configuration, you will be dealing with several concepts and processes.

  • Web security policy — A web security policy is made up of rules, which are grouped in rule sets on Web Gateway.

    When a situation arises where a rule applies, it performs an action to handle this situation. The situation can be an immediate threat, for example, a virus in a file that a user who works within your network attempts to download. In this case, the rule would block the attempt.

    Other situations might be that a user requests access to an online shopping site during work hours or tries to download a very large streaming file. Both activities could be blocked by suitable rules.

    You can modify all rules on Web Gateway to let them perform the actions that you consider appropriate.

  • Fields of web security — A web security policy usually covers different fields of web security. Such fields are, for example

    • Protection against viruses and other malware
    • Control of access to web objects with particular URLs
    • Media type filtering to exclude downloads consuming overmuch bandwidth.

    Different fields of web security are usually covered by different rule sets on Web Gateway.

    Some fields are already covered by default rule sets after the initial setup. You can extend the coverage for these fields and also include additional fields by importing rule sets from a built-in or an online library.

  • Cloud use — The rules of your web security policy are applied to the traffic that is created by the web usage of the users of your organization.

    Unless you configure it differently, however, the rules are only applied to the web usage of those users who access the web from inside your local network. This kind of usage is also known as on-premise use.

    You can, however, enable one or more rule sets for cloud use. This means that the rules in these rule sets are also enforced when users of our organization access the web from outside your local network.

  • Filtering process — The activities that are performed by rules on Web Gateway can be seen as parts of a comprehensive filtering process. This process filters web traffic that is caused by the web usage of the users within your network.

    The process blocks attempts to access the web that do no comply with your web security policy and allows those that are compliant.

    The process is performed in different cycles.

    • A request cycles for filtering requests for web access performed by users
    • A response cycle for filtering responses to requests sent by web servers
    • An embedded objects cycle for filtering objects, such as files and archives, that are sent embedded in requests or responses.

    Only one filtering cycle is going on at a particular point in time on Web Gateway.

    The rule sets of your web security policy can be differently configured with regard to these cycles. A particular rule set can apply to all cycles, or only to one, or to any combination of them.