Get Started With Internet Access Rules
Internet access rules specify how traffic to internet destinations should be handled.
Traffic to internet destinations is allowed by default. You must create rules to block access to internet destinations, either for acceptable use or security reasons; to warn users before you allow access; or to isolate specified internet traffic.
- Plan your internet access rule set
Plan your rule set so you get the results you expect. Read the documentation and familiarize yourself with the various components that make up rules. - Create rule components.
You will assemble rules largely from components, for example source, destination, and security control components.
See Components for Internet Access Rules - Specify rule defaults.
New rules will use the default security controls and other settings that you specify on the Rule Defaults page.
See Default Settings for Internet Access Rules - Edit the default internet access rule
Traffic to internet destinations that does not match any other internet access rule in the policy will be handled by the default internet access rule. Traffic that matches this rule is allowed unless it violates configured security controls.
See Edit the Default Access Rules - Add internet access rules
See Add an Internet Access Rule - Review the global settings
Normally you will not change these settings for internet access rules, but you should be familiar with their impact.
See Global Settings for Internet Access Rules. - Ensure that rules match encrypted traffic
See Important! Ensure Rule Matching for Encrypted Internet Traffic. - Review the rule order
Make sure the order of the rules on the Policy page will have the results you expect.
See Edit the Order of the Rules on the Policy Page - Test your internet access rules
Control egress IP address for select SaaS internet destinations
To ensure specific egress IP addresses for traffic to specific SaaS internet destinations outside your network, such as YourCompany.OtherCompany.com, see Zero Trust Access to Internet Destinations.
Using Wildcard Masks on Access Rules < Get Started With Internet Access Rules > Components for Internet Access Rules
Updated about 2 months ago