Add or edit a policy

The Policy tab provides access to all policies configured for your service. Use the tab to view and edit existing policies, or create new policies.

Under All Policies, a table displays the policies for your account. To add or edit a policy:

Steps

  1. Go to the Policy tab.
  2. In the All Policies panel, select an existing policy to edit it, or click New to create a new policy.
    Use the More menu beside a policy to add a new policy before or after an existing policy, or to delete the policy.
  3. Click Edit to give the policy a name, and optionally enter a Description.
  4. Click the Applies to setting to define the local traffic sources to which the policy will apply.
    Policies can be applied to:
    • Sites: the policy applies to traffic directed to the service via the selected site's tunnel connections.
    • All Users: the policy applies to traffic directed to the service by the Forcepoint Web Security Endpoint, which identifies users to the service.
    • Any: the policy applies to traffic from any source.
    Note: If you do not add a source, the default entry of ANY is used.
    Click the Type or click to select field and begin typing to search for an available site, or click Sites to select available sites from a list. Repeat the process to add all required sources for the policy.
    You can remove a traffic source from the policy by clicking the Remove button. Apply the policy to traffic from any source, or to all users, by clicking Set to Any or Set to All Users.
    Note: If you apply a policy to Any source, then the policy will match all traffic processed by the policy, and no further policies will be checked.
  5. Set the Default TLS inspection setting for the policy:
    • Decrypt: secure traffic will be decrypted. You must deploy the Forcepoint root certificate to client machines.
    • Do not decrypt (default): secure traffic will not be decrypted. This traffic cannot be fully inspected.
    Note: This setting will be inherited as the default setting for all policy stages. The TLS inspection setting can be changed for specific policy rules and exceptions.
  6. Under Policy Summary, click a policy stage to edit that policy stage for editing.
  7. When you have finished, click Save. The policy will not become active until it is deployed.