Add a Chromebook Specific Web Policy Ruleset
Add a Chromebook-specific ruleset to the Web policy and protect all Chromebook devices connected to your network. Once added, place this Chromebook-specific ruleset at the top of your ruleset list, so that it is evaluated first. This ensures that this Chromebook-specific ruleset is applied to your Chromebooks before any other ruleset is evaluated. For more information about the Web policy, see Manage the Web Policy.
Note: To maintain end-user privacy when Chromebooks are connected at remote locations, you can also disable Content Logging and include only security-related events in your reporting.
Table of Contents
- SWG Umbrella Chromebook client deployed. See Deploy the SWG Umbrella Chromebook Client.
- Cisco Umbrella root certificate or a certificate signed by your CA installed — To avoid certificate errors when accessing an Umbrella block page, you must install either the Cisco Umbrella root certificate or a certificate signed by your CA on all your Chromebooks. See Manage Certificates.
- Full admin access to the Umbrella dashboard. See Manage User Roles.
Procedure
- Navigate to Policies > Management > Web Policy and click Add.
- Under Ruleset Settings, configure settings as needed.
a. For Ruleset Identities, click Edit.
Note: You must add identities to the ruleset to enable the ruleset.
b. Select G Suite OUs, G Suite Users, and Chromebooks identities as required and click Save.
Each Chromebook is identified and listed by the email used to log into that Chromebook.
- G Suite OUs — To apply a Web ruleset to one or more G Suite Organizational Units
- G Suite Users — To apply a Web ruleset to one or more Chromebook users
- Chromebooks — To apply a Web ruleset to one or more Chromebook devices.
- Continue through Ruleset Settings, edit settings as needed and then click Save. For more information, see Add a Ruleset to the Web Policy.
- Add rules to your ruleset. See Add Rules to a Ruleset.
Rules allow you to fine-tune your ruleset, setting what action—allow, warn, block, or isolate—takes place when an identity attempts to access a destination.
a. For Identities, click Add Identity, select G Suite OUs, G Suite Users, and Chromebooks identities that will use this rule, and then click Apply.
You must select at least one identity.
- Continue through the rule and then to save it.
Your new rule is saved for the ruleset within which it has been added. While now saved, your rule is not yet enabled and as such is ignored when Umbrella evaluates the Web policy against requests. You must enable the rule. - Enable the rule.
By default, rules are disabled and must be enabled to come into effect.
a. From the Action menu, enable Enable Rule.
Tip: Before enabling rules, prioritize them. When a ruleset has multiple enabled rules, they are evaluated in a "top-down" manner. The top listed rule first and then the next and so on until a match is made. Order—drag and drop—your rules accordingly so that rules are evaluated in the order you expect.
b. Click Update and then confirm the change.
The rule is enabled.
Deploy the SWG Umbrella Chromebook Client < Add a Chromebook Specific Web Policy Ruleset > Integrate the G Suite Identity Service
Updated about 2 months ago