Default action
With the Default Action setting in a policy, you can define how unclassified traffic, or domains that are not in ETP Threat Intelligence, custom lists, or an Acceptable Use Policy (AUP), are handled. This action is also used for AUP categories that have no action assigned.
Note: If your organization is participating in the application visibility and control (AVC) beta, the default action is available in the Access Control area for an AVC configuration. Otherwise, this setting is available in the policy settings. For more information, see Application visibility and control.
In the Default Action menu, you can select from these actions:
- Bypass. Indicates that traffic bypasses ETP Proxy and is directed to the origin. However, if ETP detects that this traffic is risky, it’s directed to ETP Proxy for analysis. This option enables the selective proxy.
- Classify. Indicates that traffic is directed to ETP Proxy where it's analyzed and assigned a category. ETP Proxy applies a policy action based on the assigned category. This option enables the full web proxy.
- Block - Error Page. Indicates that traffic is blocked and users are shown an error.
Note: The Default Action option is available to organizations that are licensed for ETP Advanced Threat.
Depending on your organization's requirements and the balance your organization must maintain between security, privacy, and user productivity, you can configure ETP policy and the default action option based on one of these scenarios:
- Scenario 1: Balance security and user productivity (Recommended). If you want to block known threats and scan all other traffic, consider this configuration:
  - Enable ETP Proxy as a full web proxy.
  - Block all known threats. You can choose the block action for threat categories and for specific custom lists that contain known threats.
  - For the default action, select Classify. This action directs all unclassified traffic to ETP Proxy.

  For instructions, see Enable full web proxy.
- Scenario 2: Allow only known, trusted traffic (walled garden). If you want to block most traffic and grant users access to known, safe websites only, consider this configuration:
  - Create an exception list that contains the websites that you want users to access.
  - Block all threat categories.
  - Block all AUP categories and select Block - Error Page as the default action.

  For instructions, see Create an exception list and Create a policy.