#interview #troubleshooting #exam #question #answer #zscaler #zia #firewall #dashboard #proxy #malware #security #atp #spyware #sandbox #dlp #url
The URL Filtering policy consists of rules that you define. When you add a rule, you specify criteria, such as URL categories, users, groups, departments, locations, and time intervals. There is also a recommended policy for URL Filtering.
By default, the Cloud App Control policy takes precedence over the URL Filtering policy. The service applies the Cloud App Control policy to a web transaction before applying the URL Filtering policy. To change this setting and have the service apply the URL Filtering policy even if it has already applied a Cloud App Control policy, go to Advanced Settings and enable Allow Cascading to URL Filtering. For information on the order in which the service enforces all policies, including this policy, see About Policy Enforcement.
• Allow: The service allows access to the URLs in the selected categories. You can still restrict access by specifying a daily quota for bandwidth and time. For example, you can allow your users to access Entertainment and Recreation sites, but restrict the bandwidth allowed for these sites so they don't interfere with business-critical applications. The daily time quota is based on the time that the rule is created. For example, if the rule is created at 11:00 AM PST, then the quota is renewed at 11:00 AM PST the next day.
• Caution: When a user tries to access a site, the service displays a Caution notification. You can use the system-defined notification, customize the text, or create your own notification and direct users to it. See image.
Close
• Block: The service displays a Block notification. You can use the system-defined notification, customize the text, or create your own notification and direct users to it. See image.
Close
Additionally, you can allow some users or groups to override the block with the Allow Override option. For example, you can block students from accessing KZbin but allow the teachers. Teachers are prompted to enter their override password. This can be company-provided credentials such as single sign-on credentials or hosted database credentials based on the Enable Identity-based Block Override settings. Permitted users are allowed to access the blocked page only during their current browser session. They are required to reauthenticate when they try to access it in another browser session.
See image.
Close
• Isolate: The service isolates all the traffic to the URLs in the selected categories through a remote browser.