Add or edit an application rule

Use the Applications policy stage to configure rules that filter traffic to and from cloud applications, initiated from within your organization.

Steps

  1. Click a setting within an existing rule to edit it, or click New to create a new rule.
    Use the More menu beside a rule to add a new rule before or after an existing rule, or to delete the rule.
  2. Give the rule a Name, and optionally a Description.
  3. Click the Application setting to define the cloud applications to which the rule will apply.
    Click the Type or click to select field and begin typing to search for an application, or click an application category to select applications from a list. To add the entire category, click Select beside the category name. Repeat the process to add all required applications or application categories for the rule.
    You can remove an application from the rule by clicking the Remove button.
  4. Click the Applies To setting to define the traffic sources to which the rule will apply. If you do not add a source, the default entry of ANY is used: the rule will apply to traffic from any source to which the policy applies.
    Click the Type or click to select field and begin typing to search for an available resource, or click a resource type to select available resources from a list. Repeat the process to add all required sources for the rule.
    You can click New to define a new resource.
    You can remove a resource from the rule by clicking the Remove button. To reset the source setting, click the Type or click to select field and click Set to ANY.
  5. Select the Action to apply to traffic that matches this rule.
    The available actions are:
    • Allow and bypass: allows matching traffic and bypasses further policy processing stages. Traffic is not decrypted.
    • Block: blocks matching traffic.
    • Continue inspection: allows matching network traffic, and continues processing further policy stages. The request may be blocked by subsequent policy stages.
  6. Set the TLS inspection setting to define whether secure (HTTPS) web requests that match this rule are decrypted for inspection:
    • Do not decrypt: secure (HTTPS) traffic will not be decrypted. This traffic cannot be inspected.
    • Decrypt: secure traffic will be decrypted for inspection. Decrypted traffic is re-encrypted before being routed to the Internet.
    • Default: the TLS inspection setting is inherited from the Default TLS inspection setting for the policy.
  7. When you have finished, click Save.
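
The following added example (not part of the product or its documentation) models how the Action and TLS inspection settings from steps 5 and 6 combine, and lists rules whose matching HTTPS traffic ends up uninspected. The dictionary layout, field names and sample rules are assumptions made for illustration; they are not a product export format.

```python
# Hypothetical rule model: field names mirror the settings on this page,
# not any real export format.
ALLOW_BYPASS, BLOCK, CONTINUE = "Allow and bypass", "Block", "Continue inspection"
DECRYPT, NO_DECRYPT, DEFAULT = "Decrypt", "Do not decrypt", "Default"


def effective_tls(rule, policy_default):
    """Return the TLS handling that matching HTTPS traffic actually gets."""
    if rule["action"] == BLOCK:
        return None  # traffic is blocked, so there is nothing to decrypt
    if rule["action"] == ALLOW_BYPASS:
        return NO_DECRYPT  # bypassed traffic is not decrypted (step 5)
    setting = rule.get("tls_inspection", DEFAULT)
    # "Default" inherits the policy-wide TLS inspection setting (step 6)
    return policy_default if setting == DEFAULT else setting


def review(rules, policy_default):
    """List (rule name, reason) for rules whose HTTPS traffic cannot be inspected."""
    findings = []
    for rule in rules:
        if effective_tls(rule, policy_default) != NO_DECRYPT:
            continue
        sources = rule.get("applies_to") or ["ANY"]  # no source added means ANY
        scope = "any source" if sources == ["ANY"] else ", ".join(sources)
        if rule["action"] == ALLOW_BYPASS:
            reason = "bypasses later policy stages"
        elif rule.get("tls_inspection", DEFAULT) == DEFAULT:
            reason = "inherits Do not decrypt from the policy default"
        else:
            reason = "is set to Do not decrypt"
        findings.append((rule["name"], f"{reason}; uninspected HTTPS from {scope}"))
    return findings


# Constructed sample rules for illustration.
SAMPLE_RULES = [
    {"name": "storage-bypass", "applications": ["File storage"], "applies_to": [],
     "action": ALLOW_BYPASS, "tls_inspection": DECRYPT},
    {"name": "webmail-inspect", "applications": ["Webmail"], "applies_to": ["Finance"],
     "action": CONTINUE, "tls_inspection": DEFAULT},
    {"name": "p2p-block", "applications": ["P2P"], "applies_to": [],
     "action": BLOCK, "tls_inspection": NO_DECRYPT},
]

if __name__ == "__main__":
    for name, msg in review(SAMPLE_RULES, policy_default=DECRYPT):
        print(f"{name}: {msg}")
```

Changing `policy_default` shows how a rule left on Default changes behaviour when the policy-wide setting changes, without the rule itself being edited.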