URL
- Categorize HTTPS Sites
- Fail Close (for best Security) or Fail open (for best User experience)
- More Specific rules closer to top
- More restrictive rules close to top
- Use below order as a template on how to create a policy where you block all traffic by only allow explicit traffic
The regex wild card section also applies to other areas of
whitelisting including URL Filtering.
- More Specific rules closer to top
- More restrictive rules closer to stop
- White List Policy
- Use below order as a template on how to create a a
policy where you block all traffic but only allow explicit traffic
Rule 1 – Allow DNS traffic or any other applications that
are allowed
Rule 2 – Allow all “White List” URLs and URL categories
Rule 3 - Block any other category for both http and https
sites
Rule 4 – Block other traffic other than SSL+Web Browsing
Rule 5 (not listed) – Block all other traffic
- Regex
o
Leverage Regex rather than wild cards for
Websites. This will guarantee that all
instances of website will get caught.
§
*.balloons.com will match www.balloons.com
and secure.balloons.com, but will not match balloons.com
§
(^|.*\.)?balloons\.com will
match all iterations on the website whether or not a prefix is used
·
HTTPS Inspection – Enable HTTPS inspection for full visibility of your environment
