Policy conflicts

Policy conflicts may occur if multiple lists are assigned to a policy and those lists contain matching or overlapping domain names, IP addresses, or URLs. When conflicts exist, ETP uses the following logic to determine the policy action.

Based on Priority

If domains and IP addresses are configured in multiple lists with conflicting actions, ETP selects the action based on this priority:
  1. Bypass
  2. Block
  3. Monitor
  4. Classify
  5. Allow
For example, if the following lists are assigned to the same policy and a user goes to bar.com, the Bypass action prevails, because it has higher priority.
  • List 1 is set to Block bar.com.
  • List 2 is set to Bypass bar.com.

Based on Longest Domain/URL Match

If the same domain is specified in multiple lists using different suffix lengths, ETP enforces the policy action assign to the longest matching address. For example, if the following lists are assigned to the same policy and a user goes to foo.bar.com, the Monitor action prevails, because it satisfies the longest matching address.
  • List 1 is set to Block bar.com.
  • List 2 is set to Monitor foo.bar.com.