02-25-2021 07:14 AM
I have a bunch of custom URL categories set up to either block or allow. If all of them are in the Global Access Policy with the correct action, do they need to be specifically added to other access policies? Some of our policies have them included, some do not. For example, we have a blocked malicious URL category set up to block in the Global policy. It is also included in other access policies with the option of "Use Global Settings". Is this needed or can I exclude it at this level as long as it is in the Global Policy?
02-25-2021 07:54 AM
02-25-2021 08:22 AM
Sort of. Say I have "example.com" on the "blocks 2020" list and that list is set to block in the global access policy. If I go into the access policy shown and select Exclude from policy, will the user still be blocked from getting to example.com? I am concerned with the WSA doing too much processing for blocked URLs. If the Global policy will be sufficient, I don't want to have the blocked category listed elsewhere.
02-25-2021 08:49 AM
You have to apply the block in any policy where it might apply. The WSA processes top down on which policy is hit, using whatever you set in the Group column, but the columns DON'T stack... once it picks a policy it processes that policy left to right.
In my policy set below, if "blocks 2020" is in my global policy, for it be blocked in the "Encore Allows" policy, it has to stay there...
And if it needs to be blocked in the "Allowed Bluebeam Studio" list, where I'm allowing categories that are globally blocked, I have to check it there too...
I don't have to block it for the HighBandwidth or Youtube policies because they only get hit if the connection is going to one of those categories.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide