A security policy is a set of rules and actions that you define to balance access and constraints so you can mitigate malicious attacks and provide security for your networks.

When you create a new security policy, you first define a network scope to which you add networks, DNS forwarding proxies, and Endpoint Groups. BloxOne Threat Defense Cloud applies the security policy to all the entities that you include in the network scope. For information about how to create a network, see Defining Networks. You can also include the DNS forwarding proxies to which you want to apply the security policy. For information about DNS forwarding proxies, see Managing On-Prem Hosts. For information about how to create Endpoint Groups, see Creating Endpoint Groups.

After you define the network scope, you can add custom lists, feeds and Threat Insight, and category filters to the security policy, and set its default action. You can also specify actions for the added lists and filters, determine the precedence order for these entities, and set the Default Action to allow or redirect. For information about policy precedence, see Security Policy Precedence.

Depending on your subscription level, each security policy also comes with a set of predefined threat intelligence feeds and Threat Insight rules that are inherited from the default global policy. You cannot delete the inherited feeds and rules, but you can change their precedence order.

Besides the default threat feeds, you can also add the following to your security policy:

  • Custom Lists: You can add custom lists to complement the threat intelligence feeds. A custom list acts as a whitelist or a blacklist, depending on the action that you set for it. For information about custom lists, see Custom Lists.
  • Feeds and Threat Insight: For each selected feed you can set one action. The action types are: Allow - No Log, Allow - With Log, Block - No Redirect, or Block - Default Redirect.
  • Category Filters: These are content categorization rules that allow you to detect and filter internet content and traffic that you want to block, allow, log, or redirect. For information about how to configure category filters, see Configuring Category Filters.
  • Default Action: You can set the security policy's default action to allow or redirect. To modify the default policy rules, see Adding Policy Rules and Setting Precedence.
  • Geolocation: Geolocation can be enabled or disabled for a security policy; it is disabled by default. For information on enabling or disabling geolocation for security policies, see Enabling and Disabling Geolocation for a Security Policy.
  • Bypass Codes: Bypass codes can be added to a security policy. For information on adding bypass codes to a security policy, see Adding Bypass Codes to a Security Policy.

    Note
    If your default action is set to custom redirect, the requests will not be logged.

    Note
    The total number of user-defined custom lists plus category filters cannot exceed 100.

To configure a security policy, complete the following tasks:

  1. Creating New Security Policies
  2. Configuring Network Scope
  3. Adding Policy Rules and Setting Policy Precedence
  4. Enabling and Disabling Geolocation for a Security Policy
  5. Adding Bypass Codes to a Security Policy