Device Configuration : Protect : Web : Policies : Add Policy
Add Policy
1. Go to Device Configuration > Firwall > Web > Policies and click Add Policy.
2. Type a name.
3. Click Add Rule.
To use an existing rule as a template for a new rule, click the menu button and select Clone.
The firewall creates a default rule that blocks all web traffic for all users. The default rule is disabled.
4. Specify users.
* These include groups and individual users.
a. In the new rule, move the pointer over the user field and click Add New Item.
b. Select users.
You can filter the type of users to display by clicking Show Only and selecting a user type.
c. Click Apply selected items.
5. Specify activities.
* These include user activities, categories, URL groups, file types, and dynamic categories.
a. Move the pointer over the activity field and click Add New Item.
b. Select activities.
You can filter the type of activities to display by clicking Show Only and selecting an activity type.
c. Click Apply selected items.
6. In the Action list, specify an action to take when the firewall encounters HTTP traffic that matches the selected criteria .
* Choose from the following options (where permitted by the action type):
Options
* Allow
* Warn
* Block
7. (Optional) Specify an action to take when the firewall encounters HTTPS traffic that matches the selected criteria.
* Follow these steps only if you want to specify an action for HTTPS traffic that is different from the one you specified for HTTP.
a. Move the pointer to the right of the Action drop-down list box.
The firewall displays the HTTPS Use Action action drop-down list box.
b. Select an option.
HTTPS Use Action
Use Action: Select this option to use the same action that is currently in effect for HTTP traffic. If you specify a different HTTP action at a later time, HTTPS action will also use that action.
Allow: Always allow HTTPS traffic that matches the selected criteria.
Warn: Always display a warning message when encountering HTTPS traffic that matches the selected criteria.
Block: Always block HTTPS traffic that matches the selected criteria.
8. Move the pointer over the Constraints field and select a schedule.
You can create a new schedule by clicking Create new and specifying criteria.
9. Click the on/off switch to enable the rule.
10. Click and drag the rule handle to position the rule in the hierarchy.
The firewall evaluates rules from highest to lowest. For example, a rule that allows all traffic that precedes a rule that restricts a specific type of traffic takes precedence and the subsequent rule is ignored.
11. Click Advanced Settings and specify settings for the policy.
Enable logging and reporting
Include this policy in logs and reports.
Prevent downloading of large files
Prevent downloading files greater than the size specified.
Restrict login domains for Google Apps
Restrict logging in to Google Apps only on the domains specified.
Enable YouTube for Schools
Restrict YouTube content to videos on YouTube for Schools (a limited EDU-only site) and to those uploaded using the ID specified.
* You must have a YouTube school ID to use this setting.