Once your ruleset is enabled (ruleset identities added to the ruleset), you can add rules to it. Rules allow you to fine-tune your ruleset, setting actions—allow, warn, block, and isolate—against individual identities and the destinations those identities attempt to access. By default, rules are disabled and must be enabled to come into effect. Rules within a ruleset are evaluated in a top-down manner in the same way that rulesets are. Rules are evaluated until a match is made and then evaluation stops. Prioritize your rules accordingly.
For each ruleset added to the Web policy, rules can be added for the following destination types:
- Applications – Control identity access to selected applications. Application settings organize application-based destinations into categories based on the type of processes or services provided.
- Content Categories – Control identity access to selected Content Categories. Content Categories organize websites (destinations) into categories based on the type of information served by the site; for example, gambling, social networking, or alcohol. For a list of all categories and details for each, see Manage Web Content Categories.
- Destination Lists – Control identity access to specific internet destinations. Before you can add a destination list to a rule, you must first add the destination list to Umbrella. For more information, see Add a Web Destination List.
Note: For a destination list that includes HTTPS URLs, you must also enable HTTPS Inspection and install a CA root certificate. See HTTPS inspection.
For more information about rulesets, see Add a Ruleset to the Web Policy.
By default, rules are disabled and must be enabled after they are saved to come into effect. Only enabled rules are evaluated.
- Click Add Rule and under Rule Name give your rule a meaningful name.
- Under Action, from the drop-down list, choose Allow – Security Enforced, Warn, Block, or Isolate.
This is the "action" applied to destinations for this rule's identities.
For Allow – Security Enforced, Umbrella's security features are enforced and Umbrella blocks access to known malicious destinations even when allowed by the rule.
For Warn, Umbrella displays a Warn page that a user must click through before accessing a requested destination. When selected, the destination types Application Settings and Destination Lists are unavailable.
For Isolate, Umbrella creates a virtual browser that hosts requests to destinations by the rule's set identities.
a. If Allow – Security Enforced is chosen, click Override Security to override Umbrella's enforced security, including File Analysis settings, File Type Control, the ruleset's Security Settings, and allow identity access to a suspected malicious site.
Note: Override Security is unavailable if the rule includes content categories.
- Under Identities, click Add Identity, select identities that will use this rule, and click Apply.
Enable Inherit Ruleset Identities to have the rule's identities match all current and future ruleset identities. For more information, see Add a Ruleset to the Web Policy.
- Under Destinations, configure destinations:
a. Click Add Destinations and optionally choose Application Settings.
Unavailable if the Rule Action is Warn. For more information about Application Settings, see Manage Application Settings.
Note: You must enable HTTPS inspection to enforce Application settings. If you have not already done so, you must also download and install a CA root certificate. For more information, see Manage Certificates.
b. Select applications and click Apply.
If you have previously created an Application setting, you can select it from the topmost pull-down and then click Apply.
c. Click Add Destinations and optionally choose Content Categories.
For more information about Content Categories, see Manage Content Categories.
d. Select content categories and click Apply.
If you have previously created a Content Category setting, you can select it from the top pull-down and then click Apply.
e. Click Add Destinations and optionally choose Destination List.
Unavailable if the Rule Action is Warn.
Note: Before you can add a destination list as a rule, you must first add the destination list to Umbrella through Umbrella's Policy Components section. For more information, see Add a Web Destination List.
f. From the pull-down menu, choose a destination list and click Apply.
- Under Rule Configuration, click Change Schedule, configure when this rule applies and then click Apply.
Note: Umbrella automatically takes daylight saving time into consideration when determining time.
- Time Zone—The time zone against which Time is determined. This means that it is not the local time of the identity that is used to determine when an Action occurs, but rather the time of the selected time zone.
- Time—The time—calculated from the selected Time Zone—within which the selected action occurs. When configuring Time, note that the time 23:59 runs to the end of the minute.
- Days—The days within which the selected action occurs.
Click Reset to clear all schedule settings.
If you have previously created a Schedule setting, you can select it from the top pull-down and then click Apply. For more information, see Add a New Schedule Setting.
b. When Isolate is selected as the rule action, you have the option to change security settings. Click Change Security.
Note: When a security category is chosen, the rule isolates only the selected destinations that are within the security category.
Select the security categories to isolate and click Apply. The selected categories will override any security categories in the ruleset, for this rule.
- Click Save.
Your new rule is saved and enabled for the ruleset within which it has been added.
- Enable the rule.
a. From the Action menu, enable Enable Rule.
Tip: Before enabling rules, prioritize them. When a ruleset has multiple enabled rules, they are evaluated in a "top-down" manner: the top-listed rule is evaluated first, then the next, and so on until a match is made. Drag and drop your rules so that they are evaluated in the order you expect.
b. Click Update and then confirm the change.
The rule is enabled.
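The top-down, first-match evaluation and time-zone-based schedule described above can be modeled offline to check rule order before enabling rules. This is an added example, not Umbrella code or an Umbrella API: the `Rule` fields, the `shadowed()` check, the fixed UTC offsets standing in for named time zones, the inclusive end minute for every end time, and the sample ruleset are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import time, timedelta, timezone

ALL_DAYS = frozenset(range(7))           # Monday=0 ... Sunday=6

@dataclass
class Rule:
    name: str
    action: str                          # allow | warn | block | isolate
    identities: frozenset
    destinations: frozenset              # constructed labels for categories/lists
    enabled: bool = False                # rules stay disabled until enabled
    utc_offset: int = 0                  # assumption: fixed offset, no daylight saving
    start: time = time(0, 0)
    end: time = time(23, 59)             # end minute runs to the end of the minute
    days: frozenset = ALL_DAYS

    def always_on(self):
        return (self.start, self.end, self.days) == (time(0, 0), time(23, 59), ALL_DAYS)

    def in_schedule(self, when):
        # Convert to the rule's time zone, not the identity's local time.
        local = when.astimezone(timezone(timedelta(hours=self.utc_offset)))
        minute = local.time().replace(second=0, microsecond=0)
        return local.weekday() in self.days and self.start <= minute <= self.end

def evaluate(rules, identity, destination, when):
    """Return the first enabled rule that matches, top-down; None if none match."""
    for rule in rules:
        if (rule.enabled and identity in rule.identities
                and destination in rule.destinations and rule.in_schedule(when)):
            return rule
    return None

def shadowed(rules):
    """Names of enabled rules fully covered by an earlier enabled, always-on rule."""
    live = [r for r in rules if r.enabled]
    return [later.name for i, later in enumerate(live)
            if any(e.always_on() and e.identities >= later.identities
                   and e.destinations >= later.destinations for e in live[:i])]

# Constructed sample ruleset, listed in priority order.
STAFF = frozenset({"alice", "bob"})
RULES = [
    Rule("allow-social-all", "allow", STAFF, frozenset({"social", "news"}), enabled=True),
    Rule("block-social-hours", "block", STAFF, frozenset({"social"}), enabled=True,
         utc_offset=-5, start=time(9, 0), end=time(17, 0), days=frozenset(range(5))),
    Rule("isolate-uncategorized", "isolate", STAFF, frozenset({"uncategorized"})),
]
```

In the sample order, `shadowed(RULES)` reports `block-social-hours` because the broader allow rule above it always matches first; moving the block rule to the top makes it take effect during its scheduled window.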