Standard setting	Reason
Policy-specific PAC file should be used by default.	Allows cloud service to change cluster IP addresses without impact to your service.

Standard setting	Consider changing if...
There are no custom categories by default.	You want to create your own custom categories, each of which comprises a set of websites, for your users.

Standard setting	Consider changing if...
Standard protocols are provided by default.	You want to create your own custom protocols.

Standard setting	Reason	Consider changing if...
Access Denied page displays by default when a policy denies access to a resource. Other standard include error, Cannot connect, HTTP authentication required, and more.	User needs to know why the requested page is not displaying.	You want a custom notification message. You can edit the default messages or create your own from scratch.

Standard setting	Reason	Consider changing if...
Afternoon Lunch Morning Working hours	These are the most common time periods our customers use.	You want to set up alternate time periods for your users. You can edit a time period or add a new time period.

Standard setting	Consider changing if...
There are no default policy-level domains. When you add one, Include sub-domains is ON. Associate this domain with all policies is OFF.	You have multiple domains and want to apply a separate policy to each domain.

Standard setting	Consider changing if...
Policy name: default Administrator: email address used to register account PAC file: policy-specific PAC file address Time zone: time zone indicated during registration Time-based access: off	You want to rename your policy to something more meaningful. You are establishing a policy for remote users. Your users are in a different time zone. You want to configure time-based access. You want to apply different authentication methods to different geographical locations.

Standard setting	Reason	Consider changing if...
By default, all users are treated as remote and must authenticate to use the service.	This gives you the tightest security until you configure your own connections.	If most users are connecting through a single IP address or IP range. In this case, add one or more proxied connections for your policy. Add a non-proxied destination when you want to avoid connecting via our proxy service.

Standard setting	Reason	Consider changing if...
By default, all users are treated as remote and must authenticate to use the service.	This gives you the tightest security until you configure your own connections.	You want to monitor user activity without requiring an additional login. You want to use Windows authentication to govern access. (Choose NTLM identification.) You want to authenticate users and you do not have Active Directory. You want to use a web endpoint client or single sign-on.

Standard setting	Reason	Consider changing if...
By default, endpoint deployment is disabled.	You must choose: Whether you want to use an endpoint client Which endpoint client to use How to deploy the endpoint client	You want to deploy the Proxy Connect endpoint from the cloud. You want to automatically update one or more endpoint clients to new versions when available.

Standard setting	Consider changing if...
By default, end users are expected to self register, but they must be in your domain.	You have a list of users and email addresses that you can upload. In this case bulk register end users to save them time. If you have end users outside of your domain, invite them to register.

Standard setting	Reason	Consider changing if...
No files are blocked by default.	You must select which file types and extensions are blocked for categories.	You want to block certain file types for particular categories, users, and groups.

Standard setting	Consider changing if...
Malware is blocked both inbound and outbound by default. Executables are blocked outbound by default. Real-time classification provided by the Advanced Classification Engine is on if available. Inbound antivirus analysis is enabled for sites with elevated risk profiles. File type analysis is enabled for suspicious and unrecognized files.	Some users require inbound executables. You do not want to block outbound traffic. You want to refine or disable real-time classification. You want to refine or disable antivirus analysis. You want to refine or disable file type analysis.

Standard setting	Consider changing if...
Default policy blocks access to offensive and adult sites, allows news and entertainment sites, offers no blocklists or allowlists.	You want to customize the default policy to align with your company's acceptable use policy. You want to decrypt SSL requests for all or specific web categories.

Standard setting	Consider changing if...
Default policy allows or blocks a protocol based on protocol database default values.	You want to add custom protocols to align with your company's acceptable use policy.