Sunday, February 10, 2019

URL Filtering & Identity Awareness Best Practices

URL 
  • Categorize HTTPS Sites
  • Fail close (for best security) or fail open (for best user experience)




The regex wildcard section also applies to other areas of whitelisting, including URL Filtering.

  • Rule Base Order
    • More specific rules closer to top
    • More restrictive rules closer to top

  • White List Policy
    • Use the order below as a template for creating a policy where you block all traffic but only allow explicit traffic:
      Rule 1 – Allow DNS traffic or any other applications that are allowed
      Rule 2 – Allow all “White List” URLs and URL categories
      Rule 3 – Block any other category for both HTTP and HTTPS sites
      Rule 4 – Block other traffic other than SSL+Web Browsing
      Rule 5 (not listed) – Block all other traffic



      






  • Regex
    • Leverage regex rather than wildcards for websites. This will guarantee that all instances of a website get caught.
      • *.balloons.com will match www.balloons.com and secure.balloons.com, but will not match balloons.com
      • (^|.*\.)?balloons\.com will match all iterations of the website, whether or not a prefix is used

  • HTTPS Inspection – Enable HTTPS inspection for full visibility of your environment
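
A way to check the two patterns from the Regex item before they go into a white list rule, as an added example that is not from the original post. Python's `re` and `fnmatch` stand in for the gateway's matcher (an assumption; confirm how the product anchors patterns), the hostnames are constructed, and `ANCHORED_REGEX` is a hypothetical stricter variant that does not appear on the page.

```python
import fnmatch
import re

# Patterns quoted in the Regex item above.
WILDCARD = "*.balloons.com"
PAGE_REGEX = r"(^|.*\.)?balloons\.com"
# Assumption (not from the page): the same idea with explicit start/end anchors.
ANCHORED_REGEX = r"^(.*\.)?balloons\.com$"

# Constructed hostnames: the first three belong to the site, the last two do not.
SAMPLES = [
    "balloons.com",
    "www.balloons.com",
    "secure.balloons.com",
    "notballoons.com",
    "balloons.com.example.net",
]

def wildcard_match(host):
    """Shell-style wildcard match over the whole hostname."""
    return fnmatch.fnmatchcase(host, WILDCARD)

def regex_search(pattern, host):
    """Unanchored evaluation: true if the pattern occurs anywhere in host."""
    return re.search(pattern, host) is not None

def regex_full(pattern, host):
    """Anchored evaluation: the pattern must cover the whole hostname."""
    return re.fullmatch(pattern, host) is not None

def evaluate(hosts=SAMPLES):
    """Return, per hostname, what each pattern/evaluation mode decides."""
    return {
        h: {
            "wildcard": wildcard_match(h),
            "page_search": regex_search(PAGE_REGEX, h),
            "page_full": regex_full(PAGE_REGEX, h),
            "anchored_search": regex_search(ANCHORED_REGEX, h),
        }
        for h in hosts
    }

if __name__ == "__main__":
    modes = ["wildcard", "page_search", "page_full", "anchored_search"]
    print(f"{'host':28}" + "".join(f"{m:>17}" for m in modes))
    for host, row in evaluate().items():
        print(f"{host:28}" + "".join(f"{str(row[m]):>17}" for m in modes))
```

The `page_search` column shows why anchoring matters for an allow rule: when a matcher searches for the pattern anywhere in the string, the page's regex also accepts the two look-alike hostnames, while a whole-string match or the anchored variant accepts only the three real ones.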