Policy configuration To protect your network against threats arising from the web, Web Gateway enforces a web security policy, which is implemented during the initial setup. You can configure this policy later on to adapt it to your requirements. When performing this configuration, you are dealing with several fields of web security that your policy should cover. You can also extend the filtering process and make it suitable for cloud use. Web security policy A web security policy is made up of rules, which are grouped in rule sets on Web Gateway. When a situation arises where a rule applies, it performs an action to handle this situation. The situation can be an immediate threat, for example, a virus in a file that a user who works within your network attempts to download. In this case, the rule would block the attempt. Other situations might be that a user requests access to an online shopping site during work hours or tries to download a very large streaming file. Both activities could be blocked by suitable rules. You can modify all rules on Web Gateway to let them perform the actions that you consider appropriate. Fields of web security A web security policy usually covers different fields of web security. Such fields are, for example: Anti-malware filtering — Protects your network against viruses and other malware URL filtering — Controls access to web objects based on URLs, for example, to block inappropriate content Media type filtering — Controls access to web objects based on media types, for example, to prevent users from downloading media that consume overmuch bandwidth Different fields of web security are usually covered by different rule sets on Web Gateway. Some fields are already covered by default rule sets after the initial setup. The following are, for example, provided here: Gateway Anti-Malware rule set — Enables protection against viruses and other malware by invoking anti-malware engines for scanning web objects URL Filtering rule set — Enables control of web access by evaluating URLs of web objects with regard to categories and reputation scores retrieved from threat intelligence systems. Media type filtering rule set — Enables control of web access by detecting the media types that web objects belong to. You can extend the coverage for these fields and also include additional fields by importing rule sets from a built-in or an online library. Cloud use The rules of your web security policy are applied to the traffic that is created by the web usage of the users of your organization. Unless you configure it differently, however, the rules are only applied to the web usage of those users who access the web from inside your local network. This kind of usage is also known as on-premise use. You can, however, enable one or more rule sets for cloud use. This means that the rules in these rule sets are also enforced when users of our organization access the web from outside your local network. Filtering process The activities that are performed by rules on Web Gateway can be seen as parts of a comprehensive filtering process. This process filters web traffic that is caused by the web usage of the users within your network. The process blocks attempts to access the web that do no comply with your web security policy and allows those that are compliant. The process is performed in different cycles. Request cycle — Filters requests for web access submitted by users in your network Response cycle — Filters responses to requests sent by web servers to your network Embedded object cycle — Filters embedded objects, for example, files or archives, sent embedded in requests or responses. Only one filtering cycle is going on at a particular point in time on Web Gateway. The rule sets of your web security policy can be differently configured with regard to these cycles. A particular rule set can apply to all cycles, or only to one, or to any combination of them. Working with rules A web security policy is implemented on Web Gateway, which includes various rules. When a situation arises where a rule applies, it performs an action. You can configure this policy by modifying its rules to adapt them to the needs of your organization. Rule sets Rules are grouped and included in rule sets on the appliance. A rule can never stand on its own, it must be included in a rule set. Default rule set system Several rule sets that cover important fields of web security are by default implemented in the rule set system of a on the appliance after its initial setup. Rule set libraries The built-in and online libraries provide rule sets for importing into your rule set system. Rule set views The user interface provides two kinds of views for a particular rule set, the key elements view and the complete rules view. Access a rule set Access a rule set on the user interface of Web Gateway to work with its rules and their elements. Configure a key rule element Configure a key element of a web security rule. Configure a rule element in the complete rules view The following is a sample task for configuring an element of a web security rule in the complete rules view. Filtering process A filtering process is performed on the appliance that uses the implemented rules to ensure web security for your network. Working with Web Gateway using a browser without Java support You can work with the interface of Web Gateway through a browser that requires no Java support.