Documentation
|
Support
Standard Web Configuration
Standard Web Configuration
The cloud service provides a standard configuration for all web accounts. These are described below. To customize your settings, follow the instructions in
Configuring Web Settings
.
Web > Settings > General
page,
Proxy auto-configuration (PAC)
file settings:
Standard setting
Reason
Policy-specific PAC file should be used by default.
Allows cloud service to change cluster IP addresses without impact to your service.
Web > Policy Management > Custom Categories
page:
Standard setting
Consider changing if...
There are no custom categories by default.
You want to create your own custom categories, each of which comprises a set of websites, for your users.
Web > Policy Management > Protocols
page:
Standard setting
Consider changing if...
Standard protocols are provided by default.
You want to create your own custom protocols.
Web > Policy Management > Block & Notification Pages
page:
Standard setting
Reason
Consider changing if...
Access Denied page displays by default when a policy denies access to a resource. Other standard include error, Cannot connect, HTTP authentication required, and more.
User needs to know why the requested page is not displaying.
You want a custom notification message. You can edit the default messages or create your own from scratch.
Web > Policy Management > Time periods
page:
Standard setting
Reason
Consider changing if...
Afternoon
Lunch
Morning
Working hours
These are the most common time periods our customers use.
You want to set up alternate time periods for your users. You can edit a time period or add a new time period.
By default, all time periods use the
Time Zone
indicate when registering for the service. Change the time zone if your end users are located in a different time zone or multiple time zones.
Web > Settings > Domains
page:
Standard setting
Consider changing if...
There are no default policy-level domains. When you add one, Include sub-domains is ON. Associate this domain with all policies is OFF.
You have multiple domains and want to apply a separate policy to each domain.
Domains added on the Connections tab of a policy are account-level by default. Add one or more policy-level domains if you have multiple domains and want to apply a separate policy to each.
With a policy selected on the
Web > Policy Management > Policies
page:
General
tab:
Standard setting
Consider changing if...
Policy name: default
Administrator: email address used to register account
PAC file: policy-specific PAC file address
Time zone: time zone indicated during registration
Time-based access: off
You want to rename your policy to something more meaningful.
You are establishing a policy for remote users.
Your users are in a different time zone.
You want to configure time-based access.
You want to apply different authentication methods to different geographical locations.
Connections
tab:
Standard setting
Reason
Consider changing if...
By default, all users are treated as remote and must authenticate to use the service.
This gives you the tightest security until you configure your own connections.
If most users are connecting through a single IP address or IP range. In this case, add one or more proxied connections for your policy.
Add a non-proxied destination when you want to avoid connecting via our proxy service.
Access Control
tab:
Standard setting
Reason
Consider changing if...
By default, all users are treated as remote and must authenticate to use the service.
This gives you the tightest security until you configure your own connections.
You want to monitor user activity without requiring an additional login.
You want to use Windows authentication to govern access. (Choose NTLM identification.)
You want to authenticate users and you do not have Active Directory.
You want to use a web endpoint client or single sign-on.
Endpoint
tab:
Standard setting
Reason
Consider changing if...
By default, endpoint deployment is disabled.
You must choose:
Whether you want to use an endpoint client
Which endpoint client to use
How to deploy the endpoint client
You want to deploy the Proxy Connect endpoint from the cloud.
You want to automatically update one or more endpoint clients to new versions when available.
End Users
tab:
Standard setting
Consider changing if...
By default, end users are expected to self register, but they must be in your domain.
You have a list of users and email addresses that you can upload. In this case bulk register end users to save them time.
If you have end users outside of your domain, invite them to register.
File Blocking
tab:
Standard setting
Reason
Consider changing if...
No files are blocked by default.
You must select which file
types and extensions are blocked for categories.
You want to block certain file types for particular categories, users, and groups.
Web Content & Security
tab:
Standard setting
Consider changing if...
Malware is blocked both inbound and outbound by default.
Executables are blocked outbound by default.
Real-time classification provided by the Advanced Classification Engine is on if available.
Inbound antivirus analysis is enabled for sites with elevated risk profiles.
File type analysis is enabled for suspicious and unrecognized files.
Some users require inbound executables.
You do not want to block outbound traffic.
You want to refine or disable real-time classification.
You want to refine or disable antivirus analysis.
You want to refine or disable file type analysis.
Web Categories
tab:
Standard setting
Consider changing if...
Default policy blocks access to offensive and adult sites, allows news and entertainment sites, offers no blocklists or allowlists.
You want to customize the default policy to align with your company's acceptable use policy.
You want to decrypt SSL requests for all or specific web categories.
Protocols
tab (I Series appliance only):
Standard setting
Consider changing if...
Default policy allows or blocks a protocol based on protocol database default values.
You want to add custom protocols to align with your company's acceptable use policy.
Standard Web Configuration
Copyright 2024 Forcepoint. All rights reserved.