Select a default action
Complete this procedure to configure the default action for unclassified traffic or for an AUP category with no assigned action. Unclassified traffic is traffic that’s not classified by ETP because it does not appear in any list, including AUP, threat, or custom lists. You can select to block this traffic or have it bypass ETP Proxy. If you are licensed for ETP Advanced Threat, you can choose the Classify action to direct this traffic to ETP Proxy for analysis. For more information, see Default action.
Note: If your organization is participating in the application visibility and control (AVC) beta, the default action policy setting is available from the AUP and Shadow IT tab for Access Control. Otherwise, this setting is available in the policy settings.
In the navigation menu, select
.Note: If you are trying the new Enterprise Center interface, in the navigation menu, select .
If you are adding a new policy:
- On the Policies page, click the plus sign icon.
- Enter a name and description for the policy in the Name and Description field.
To configure a policy with settings from a predefined template, select one of these
templates and click Continue:
- Strict. Contains settings that block known and most suspected threat categories. Select this template to apply settings that are a best practice for a policy.
- Monitor-only. Logs and reports threats but it does not block them. This template is ideal for testing or assessing policy impact before using the Strict template. This template assigns the monitor policy action to all known and suspected threat categories.
- Custom. Lets you define policy actions for known and suspected threats.
- To assign a location, click the link icon, select a location or multiple locations, and click Associate.
- If you are modifying a policy, click the name of the policy that you want to edit.
- Click the Settings tab.
- In the Proxy Settings area, toggle Enable Proxy to on.
Select one of these options for the
Default Action menu:
- To bypass ETP Proxy, select the Bypass action. This action enables the selective proxy. Only risky traffic is forwarded to ETP Proxy for analysis.
- To classify traffic, select the Classify action. This action directs traffic to the full web proxy. This action is available to organizations that are licensed for ETP Advanced Threat.
- To block traffic, select the Block - Error Page action. This action directs traffic to an error page.
- Configure the policy as needed for your organization. To learn more about enabling a selective or full web proxy, see Enable selective proxy or Enable full web proxy.
- Click Save.
Deploy the policy. For instructions see Deploying configuration changes.