Complete this procedure to configure the
default action for unclassified traffic or for an AUP category with no assigned action.
Unclassified traffic is traffic that’s not classified by ETP because it does
not appear in any list, including AUP, threat, or custom lists. You can select to block this
traffic or have it bypass ETP Proxy. If you are licensed for ETP Advanced Threat,
you can choose the Classify action to direct this traffic to ETP Proxy for
analysis. For more information, see Default action.Note: If you are using the application visibility
and control (AVC) feature, the default action policy setting is available from the
AUP and Shadow IT
tab for Access Control. Otherwise, this setting is available in the policy settings.
How to
-
In the navigation menu, select
.
Note: If you are trying the new
Enterprise Center interface, in the navigation menu, select .
-
If you are adding a new policy:
-
On the Policies page, click the plus sign icon.
-
Enter a name and description for the policy in the Name and Description
field.
-
To configure a policy with settings from a predefined template, select one of these
templates and click Continue:
- Strict. Contains settings that block known and most
suspected threat categories. Select this template to apply settings that are a
best practice for a policy.
- Monitor-only. Logs and reports threats but it does not
block them. This template is ideal for testing or assessing policy impact before
using the Strict template. This template assigns the monitor policy action to all
known and suspected threat categories.
- Custom. Lets you
define policy actions for known and suspected threats.
-
To assign a location, click the link icon, select a location or multiple locations,
and click Associate.
-
If you are modifying a policy, click the
name of the policy that you want to edit.
-
Click the Settings tab.
-
In the Proxy Settings area, toggle Enable Proxy to on.
-
Select one of these options for the
Default Action menu:
-
To bypass ETP Proxy, select the
Bypass action.
This action enables the selective proxy. Only risky traffic is forwarded to ETP Proxy
for analysis.
-
To classify traffic, select the
Classify
action. This action directs traffic to the full web proxy. This action is available to
organizations that are licensed for ETP Advanced Threat.
-
To block traffic, select the
Block - Error
Page action. This action directs traffic to an error page.
-
Configure the policy as needed for your
organization. To learn more about enabling a selective or full web proxy, see Enable selective proxy or Enable full web proxy.
-
Click Save.
Next steps
Deploy the policy. For instructions see
Deploying configuration changes.