With the Default Action access control setting in a policy, you define how unclassified traffic or domains that are not in ETP Threat Intelligence, custom lists, or defined with application visibility and control (AVC) are handled.
- Bypass. Indicates
that traffic bypasses ETP Proxy and is directed to the origin. However, if
ETP detects that this traffic is risky, it’s directed to ETP Proxy for analysis.
This option enables the selective proxy.
Indicates that traffic is directed to ETP
Proxy where it's analyzed and assigned a category. ETP Proxy applies a policy
action based on the assigned category.
This option enables the full web proxy.
- Block - Error Page. Indicates that traffic is blocked and users are shown an error.
Depending on your organization's requirements and the balance your organization must maintain between security, privacy, and user productivity, you can configure ETP policy and the default action option based on one of these scenarios:
- Scenario 1: Balance security
and user productivity (Recommended). If you want to block known
threats and scan all other traffic, consider this configuration:
- Enable ETP Proxy as a full web proxy.
- Block all known threats. You can choose the block action for threat categories and for specific custom lists that contain known threats.
- For the default action,
select Classify. This action directs all unclassified traffic to ETP
For instructions, see Enable full web proxy.
- Scenario 2: Allow only known, trusted traffic (walled garden). If you want to block most traffic and grant users access to known, safe websites only, consider this configuration: