Creating Web Filter Policies
Note: This topic applies to the Inverness Release.
Guardian processes web filter policies in order of priority, from top to bottom, until it finds content that matches. When it finds a match, Guardian applies an action of block, allow, whitelist, soft block or limit to quota as configured in the policy.
You can review the default web filter policies on the Guardian > Web filter > Manage policies page and you can change the order by dragging and dropping policies in the list.
You can create custom web filter policies to allow or block specific content, allow access to specific web sites at certain times or apply an acceptable usage policy (AUP) to meet your organization’s requirements.
Creating a web filter policy
| 1. | Go to the Guardian > Web filter > Policy wizard page. |
| 2. | If you are creating a web filter policy in a Multi-Tenant configuration continue below, else skip to step 3. |
| a. | From the Policy drop-down list, choose who this policy belongs to: |
| • | Global, cannot be overridden — This policy must always be enforced. Only the central administrator can edit this policy. |
| • | Specific to <tenant_name> — This policy is owned and applicable to the specified tenant only. Only an administrator from that tenant, or the central administrator, can edit this policy. |
| • | Global, can be overridden — This policy applies to all tenants, but can be overridden at their discretion. However, only the central administrator can edit this policy. |
Note: Each of the following steps must be completed in order to create the policy. If you skip a step, Guardian creates a policy folder in which you can store policies. For more information about policy folders, see Working with Policy Folders .
| 3. | Step 1: Who — From the Available users or groups list, select the users and groups to whom the policy applies. |
Tip: Enter a name or part of a name and Guardian searches for names of users and groups that match.
Click Add and, when you have added all the users and groups, click Next to continue.
| 4. | Step 2: What — From the Available categories or category groups list, select what is to be filtered. |
Multi-Tenant configured systems have the tenant name prefixed to tenant specific categories and category groups.
Tip: Enter the name or part of the name and Guardian searches for content that matches.
Click Add and, when you have selected all the content, click Next to continue.
| 5. | Step 3: Where — From the Available locations list, select where the policy applies. |
Tip: Enter the name or part of the name and Guardian searches for locations that match.
Click Add and, when you have added the location(s), click Next to continue.
| 6. | Step 4: When — From the Available time slots list, select when the policy applies. |
Tip: Enter the name or part of the name and Guardian searches for time slots that match.
Click Add and, when you have added the time slot(s), click Next to continue.
| 7. | Step 5: Action — Choose the action to perform for this policy: |
| • | Create policy folder — Select this action when configuring a policy at a central installation where you need to create policy folders for multiple locations or groups. For more information, see Working with Policy Folders |
| • | Block — Requests to the specified categories and category groups are blocked. |
| • | Allow — Requests to the specified categories and category groups are allowed through. |
Content will be scanned for anti-malware if an anti-malware policy is in place. Guardian may also categorize the content and apply any content modification policies in place. You can use this option to create specific exceptions to broad blocking policies. Another possible use is to prevent over-blocking of diverse content such as news articles, which may fall under a variety of categorizations depending on the type of news article.
| • | Whitelist — When content is whitelisted, Guardian does not examine it any further. Whitelisting is applied early on when Guardian is checking URLs. Content which is whitelisted is not subjected to outgoing filtering or dynamic content analysis. Content modification policies may still be applied, unless the categorization of the original, unmodified URL matches the whitelist. Whitelisting content may help to conserve system resources and prevent unintentional blocking when dealing with trusted content, such as online banking sites or Windows updates. |
Note: Whitelisted content will not be scanned for potential malware.
| • | Soft Block — Requests to the specified categories and category groups require user confirmation before continuing to the content. |
| • | Limit to quota — Select this action to apply a quota when applying the policy. When the policy is applied, Guardian checks the quotas defined on the Guardian > Policy objects > Quotas page and limit access to the requested content based on the quota object’s settings. |
Note: Any content being streamed or downloaded by a user will not be stopped when the user’s quota runs out.
| 8. | Select Enable policy to enable the policy. |
| 9. | Click Confirm. |
Guardian displays the settings you have selected.
| 10. | Review them and click Save to create the policy. |
Guardian creates the policy and makes it available on the Guardian > Web filter > Manage policies page.
| 11. | You must now specify in what order Guardian should apply the policy — see Reordering Web Filter Policies. |