Default action

With the Default Action access control setting in a policy, you define how unclassified traffic or domains that are not in ETP Threat Intelligence, custom lists, or defined with application visibility and control (AVC) are handled.

In the Default Action menu, you can select from these actions:
  • Bypass. Indicates that traffic bypasses ETP Proxy and is directed to the origin. However, if ETP detects that this traffic is risky, it’s directed to ETP Proxy for analysis.

    This option enables the selective proxy.

  • Classify. Indicates that traffic is directed to ETP Proxy where it's analyzed and assigned a category. ETP Proxy applies a policy action based on the assigned category.

    This option enables the full web proxy.

  • Block - Error Page. Indicates that traffic is blocked and users are shown an error.

For information on configuring the default action as part of AVC, see Application visibility and control and Configure application visibility and control

Depending on your organization's requirements and the balance your organization must maintain between security, privacy, and user productivity, you can configure ETP policy and the default action option based on one of these scenarios:

  • Scenario 1: Balance security and user productivity (Recommended). If you want to block known threats and scan all other traffic, consider this configuration:
    1. Enable ETP Proxy as a full web proxy.
    2. Block all known threats. You can choose the block action for threat categories and for specific custom lists that contain known threats.
    3. For the default action, select Classify. This action directs all unclassified traffic to ETP Proxy.

      For instructions, see Enable full web proxy.

  • Scenario 2: Allow only known, trusted traffic (walled garden). If you want to block most traffic and grant users access to known, safe websites only, consider this configuration:
    1. Create an exception list that contains the websites that you want users to access.
    2. Block all threat categories.
    3. Block all AUP categories and select Block - Error Page as the default action.

      For instructions, see Add a custom exception list and Create a policy.