Default action

The Default Action setting in a policy defines how ETP handles unclassified traffic or domains that are not in ETP Threat Intelligence, in custom lists, or in an Acceptable Use Policy (AUP). This action is also applied to Acceptable Use Policy (AUP) categories that have no action assigned.
Note: For application visibility and control (AVC), the default action is available in the Access Control area for an AVC configuration. Otherwise, this setting is available in the policy settings. For more information, see Application visibility and control.
In the Default Action menu, you can select from these actions:
  • Bypass. Indicates that traffic bypasses ETP Proxy and is directed to the origin. However, if ETP detects that this traffic is risky, it’s directed to ETP Proxy for analysis.

    This option enables the selective proxy.

  • Classify. Indicates that traffic is directed to ETP Proxy where it's analyzed and assigned a category. ETP Proxy applies a policy action based on the assigned category.

    This option enables the full web proxy.

  • Block - Error Page. Indicates that traffic is blocked and users are shown an error.
Note: The Default Action option is available to organizations that are licensed for ETP Advanced Threat.

Depending on your organization's requirements and the balance your organization must maintain between security, privacy, and user productivity, you can configure ETP policy and the default action option based on one of these scenarios:

  • Scenario 1: Balance security and user productivity (Recommended). If you want to block known threats and scan all other traffic, consider this configuration:
    1. Enable ETP Proxy as a full web proxy.
    2. Block all known threats. You can choose the block action for threat categories and for specific custom lists that contain known threats.
    3. For the default action, select Classify. This action directs all unclassified traffic to ETP Proxy.

      For instructions, see Enable full web proxy.

  • Scenario 2: Allow only known, trusted traffic (walled garden). If you want to block most traffic and grant users access to known, safe websites only, consider this configuration:
    1. Create an exception list that contains the websites that you want users to access.
    2. Block all threat categories.
    3. Block all AUP categories and select Block - Error Page as the default action.

      For instructions, see Custom Exception list and Create a policy.
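
The following sketch is an added example, not Akamai code or an ETP API. It models the fall-through described on this page and evaluates the same constructed requests under both scenarios to show where the default action takes effect. The evaluation order (exception list, then threat category, then AUP category), the `allow` label, and all category and domain names are assumptions made for illustration.

```python
# Simplified model of the fall-through described above. Not Akamai's code:
# the evaluation order, action labels and category names are assumptions.
from dataclasses import dataclass, field

ALLOW, BLOCK, CLASSIFY, BYPASS = "allow", "block-error-page", "classify", "bypass"

@dataclass
class Policy:
    default_action: str
    exceptions: set = field(default_factory=set)        # custom exception list
    threat_actions: dict = field(default_factory=dict)  # threat category -> action
    aup_actions: dict = field(default_factory=dict)     # AUP category -> action or None

def decide(policy, domain, threat_category=None, aup_category=None):
    """Return (action, reason) for one request under the modelled policy."""
    if domain in policy.exceptions:
        return ALLOW, "exception list"
    if threat_category in policy.threat_actions:
        return policy.threat_actions[threat_category], "threat category"
    assigned = policy.aup_actions.get(aup_category)
    if assigned is not None:
        return assigned, "AUP category"
    # Unclassified traffic, or an AUP category with no action assigned.
    return policy.default_action, "default action"

THREATS = {"malware": BLOCK, "phishing": BLOCK}  # constructed category names

# Scenario 1: known threats blocked, everything else sent to the proxy.
SCENARIO_1 = Policy(CLASSIFY, threat_actions=THREATS,
                    aup_actions={"gambling": BLOCK, "social-media": None})
# Scenario 2: walled garden, only the exception list is reachable.
SCENARIO_2 = Policy(BLOCK, exceptions={"intranet.example.com"},
                    threat_actions=THREATS,
                    aup_actions={"gambling": BLOCK, "social-media": BLOCK})

# Constructed sample requests: (domain, threat category, AUP category).
SAMPLES = [
    ("intranet.example.com", None, None),
    ("bad.example.net", "malware", None),
    ("social.example.org", None, "social-media"),
    ("unknown.example.io", None, None),
]

def compare(samples=SAMPLES):
    """Map each domain to its (scenario 1, scenario 2) decisions."""
    return {d: (decide(SCENARIO_1, d, t, a), decide(SCENARIO_2, d, t, a))
            for d, t, a in samples}

if __name__ == "__main__":
    for domain, (s1, s2) in compare().items():
        print(f"{domain:22} S1={s1}  S2={s2}")
```

In this model, an unclassified domain and an AUP category left without an action both land on the default action, which is why the same request is sent to the proxy in Scenario 1 and blocked in Scenario 2.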