Configure Web Filtering Policy

Objective: Configure the Web Filtering Policy

Tasks

Use to your real (non-remote) desktop for the following sections

Login to your Skyhigh cloud tenant

  • Return to the Skyhigh Cloud browser tab (or log in again )

Access your Web Policy Tree

  1. On your local machine (not the remote desktop), return to the Skyhigh Cloud browser tab (or log in again )
  2. From the top navigation bar, navigate to Policy > Web Policy > Policy Web Policy Navigation Web Policy Navigation

View and modify the web filtering policy

  1. From the Web Policy tree on the left, navigate to Web Filtering > Category, Reputation & Geo Web Filtering Navigation Web Filtering Navigation
  2. Note the current configuration that will block access to: - Sites in a list of categories you specify (more on this below) - High and medium risk web sites - Uncategorized websites - Sites in a list of countries you specify
  3. Modify the Uncategorized Traffic selector to Allow All
Tip

Uncategorized sites may be used in some testing during this hands on lab. Disabling this allows for simple customization and testing on how Skyhigh Security can work within your organization. Best practice in a production organization is to not allow all uncategorized sites.

  1. Click the three dots next to the category blocking section and click Edit List Navigate Category Blocks Navigate Category Blocks
  2. A pane will open fron the right hand side of your screen showing the URL category catalog and which items are currently blocked. Use the Actions button to explore the list of available categories. URL Category Catalog URL Category Catalog
  3. Check the Drugs, Games / Gambling and Mature / Violent categories and click Done and then Save
  4. When you make any changes to your policy, a yellow shield will appear at the top of your screen and prompt you to Publish or Discard your changes. Publish your changes now. Publish Changes Publish Changes
Tip

From many policy editing pages, you can enable Code View which will let you see (and edit) the policy logic in source code. We don’t recommend you make changes this way today, but keep in mind that you can use Code View to create custom or complex rules should you need to accomplish something that’s not in the standard console.

Review the HTTPS inspection configuration

  1. From the Web Policy tree, select HTTPS Scanning > HTTPS Conneciton Options'

Navigate HTTPS connection options Navigate HTTPS connection options

  1. In the HTTPS Connection Feature pane, click the settings cog next to the name of the policy (HTTPS Connection Options), then hover over the Customer CA option, before clicking View/Edit

HTTPS CA Configuration HTTPS CA Configuration

HTTPS CA Configuration HTTPS CA Configuration

  1. Under the Customer CA section, notice how the certificate matches the CA which had signed the certificate you inspected in the Verify Web Access section? Click the blue See Details text to see more of the certificate contents.

Customer CA Customer CA

  1. Press cancel to return to the policy configuration.