Configure SASE Internet Protection Rules

Configure SASE Application and URL Filtering for Internet Protection Rules

You create application and URL filters to prevent access to specific applications and URLs, thus allowing you to control web-browsing activity within an organization. Uncontrolled access to internet websites can expose an organization to security risks, such as threat propagation, loss of data, and lack of compliance.

Application identification provides an effective detection capability for evasive applications such as Facebook, Skype, Torrent, and WhatsApp. It identifies applications and protocols at different network layers based on the protocol bundle rather than using the IP address and port number. You can create custom application and URL categories on a per-tenant basis. You can associate a reputation value with the URL category. Each custom URL category has a unique name and defines information about the URLs to match using a string match or a pattern match. For information about creating custom applications and application groups, see Configure SASE User-Defined Objects.

To configure application and URL-filtering match criteria:

1. In the Internet Protection Rules List screen, click + Add to create a rule. The Create Internet Protection Rule screen displays, with Step 1, Applications, selected. By default, all applications, URLs, and reputations are matched by this rule. To accept the default settings, click Next to continue to Step 2, Users &  Groups.
   
   
   
   Note: You can include only certain application groups, applications, or application categories in the match list. The screen displays all custom and predefined application groups. Note that you can create internet protection rules based on either applications or URL categories and reputations, but not both. To match both applications and URL categories or reputations, create two separate internet protection rules. Click  Add New to add a new application category. See the Configure Application Categories section in Configure SASE User-Defined Objects.
    
2. To create an internet protection rule based on application groups, select the user-defined and/or predefined application groups to include in the match list, or type the name of the application group in the search box and select it from the search results. The application group is added to the search bar. In the following example, the custom application group AppGroup1 and the predefined application groups Adobe-Apps and Box-Apps are selected. To remove an application, click X next to the application in the search box.
   
   Click the  Information icon next to each application group or application category to see the tags associated with the application group or category.
   
   To create a new application group, click Add New. See Configure Cloud Applications To Use with API-Based Data Protection.
   
   
3. Click the Applications tab in the submenu. The following screen displays.
   
   
    
4. Select the custom and predefined applications to include in the match list, or type the name of the application in the search box and then select it from the search results. The application is added to the search bar. To remove an application, click X next to the application in the search box.
   
   Note: In Release 12.2.1 and later deprecated predefined applications are not displayed. If you had already configured a rule in Releases 12.1.1 and earlier that included a now-deprecated application in its match criteria, and then try to edit that rule, an error message similar to the following is displayed.
   
   
    
5. Click the Application Category tab in the submenu. The following screen displays.
   
   
    
6. Select the user-defined and/or predefined application categories to include in the match list, or type the name of the application category in the search box and then select it from the search results. The application category is added to the search bar. To remove an application category, click X next to the application category in the search box.
7. To create an internet protection rule based on URL categories and reputations, click the URL Categories & Reputations tab in the top menu. The following screen displays.
   
   
    
8. In the URL Categories and Reputation fields, select one or more URL categories and reputations to include in the internet protection rule. The URL category and reputation are added to the respective search bar. To remove a URL category or reputation, click X next to the name in the search box.
   
   The following table lists the predefined URL categories that are currently supported.
    

   Category Name	Description
   Abortion	Abortion topics, either prolife or prochoice. Examples of websites that fall into this category: http://abortion.procon.org, http://www.nafcanada.org.
   Abused Drugs	Discussion or remedies for illegal, illicit, or other commonly abused drugs such as heroin, cocaine, and other street drugs. Information about legal highs, including glue sniffing, misuse of prescription drugs, and abuse of other legal substances. Examples of websites that fall into this category: http://shroomery.org, http://passyourdrugtest.com.
   Adult and Pornography	Sexually explicit material for the purpose of arousing a sexual or prurient interest. Adult products including sex toys, CD-ROMs, and videos. Online groups, including newsgroups and forums, that are sexually explicit in nature. Erotic stories and textual descriptions of sexual acts. Adult services including videoconferencing, escort services, and strip clubs. Sexually explicit art. Examples of websites that fall into this category: http://playboy.com, http://union.fr.
   Alcohol and Tobacco	Sites that provide information about, promote, or support the sale of alcoholic beverages or tobacco products and associated paraphernalia. Examples of websites that fall into this category: http://thompsoncigar.com, http://wineinsiders.com.
   Auctions	Sites that support the offering and purchasing of goods between individuals as their main purpose. Does not include classified advertisements. Examples of websites that fall into this category: http://ebay.com, http://quibids.com.
   Bot Nets	URLs, typically IP addresses, that are determined to be part of a bot network, from which network attacks are launched. Attacks may include spam messages, denial of service (DoS), SQL injections, proxy jacking, and other unsolicited contacts.
   Business and Economy	Business firms, corporate websites, business information, economics, marketing, management, and entrepreneurship. Examples of websites that fall into this category: http://samsung.com, http://ups.com.
   cdns	Delivery of content and data for third parties, including ads, media, files, images, and video. Examples of websites that fall into this category: http://metacdn.com, http://edgestream.com.
   Cheating	Sites that support cheating and plagiarism and that contain related materials, including free essays, and exam copies. Examples of websites that fall into this category: http://essaymania.com, http://echeat.com.
   Computer and Internet Info	General computer and internet sites, and technical information. SaaS sites and other URLs that deliver internet services. Examples of websites that fall into this category: http://ranking.com, http://system.netsuite.com.
   Computer and Internet Security	Computer security and internet security, and security discussion groups. Examples of websites that fall into this category: http://siteadvisor.com, http://webroot.com.
   Confirmed spam sources	URLs from which large volumes of spam originates.
   Cult and Occult	Methods, means of instruction, or other resources to interpret, affect, or influence real events through the use of astrology, spells, curses, magic powers, satanic or supernatural beings. Includes horoscope sites. Examples of websites that fall into this category: http://horoscopes.com, http://astronet.hu.
   Dating	Dating websites focused on establishing personal relationships. Examples of websites that fall into this category: http://eharmony.com, http://christianmingle.com.
   Dead Sites	Sites that do not respond to http queries. Policy engines should usually treat these as uncategorized sites. Examples of websites that fall into this category: http://g00gle.com, http://whitehouse.info.
   DNS over HTTPS	Known DNS Over HTTPs (DoH) providers and domains. Examples of websites that fall into this category: https://cloudflare-dns.com and https://doh.opendns.com.
   Dynamic Content	Domains that generate content dynamically based on arguments to their URLs or other information (such as geolocation) on incoming web requests.
   Educational Institutions	Preschool, elementary, secondary, high school, college, university, and vocational schools and other educational content and information, including enrollment, tuition, and syllabi. Examples of websites that fall into this category: http://mit.edu, http://ucsd.edu, http://www.carlsbadusd.k12.ca.us/.
   Entertainment and Arts	Motion pictures, videos, television, music and programming guides, books, comics, movie theaters, galleries, artists, or reviews about entertainment. Performing arts, such as theater, vaudeville, opera, and symphonies. Museums, galleries, and art or artist sites, such as sculpture and photography. Examples of websites that fall into this category: http://eonline.com, http://highlightgallery.com.
   Fashion and Beauty	Fashion or glamour magazines, beauty, clothes, cosmetics, style. Examples of websites that fall into this category: http://visionmodels.co.uk/, http://genejuarez.com.
   Financial Services	Banking services and other types of financial information, such as loans, accountancy, actuaries, banks, mortgages, and general insurance companies. Does not include sites that offer market information, or brokerage or trading services. Examples of websites that fall into this category: http://firstpremierbankcards.com, http://paypal.com.
   Food and Dining	Food and dining sites.
   Gambling	Gambling or lottery web sites that invite the use of real or virtual money. Information or advice for placing wagers, participating in lotteries, gambling, or running numbers. Virtual casinos and offshore gambling ventures. Sports picks and betting pools. Virtual sports and fantasy leagues that offer large rewards or request significant wagers. Note that hotel and resort sites that do not enable gambling on the site are categorized in Travel or Local Information. Examples of websites that fall into this category: http://www.powerball.com/pb_home.asp, http://www.zjlottery.com.
   Games	Game playing or downloading, video games, computer games, electronic games, tips, and advice about games or how to obtain cheat codes. Sites dedicated to selling board games, andjournals and magazines dedicated to game playing. sites that support or host online sweepstakes and giveaways. Fantasy sports sites that also host games or game playing. Examples of websites that fall into this category: http://duowan.com, http://ubi.com.
   Generative AI	Artificial intelligence tools and systems that are used to generate new text, images, video, audio, code, or other types of synthetic data. Examples of websites that fall into this category: https://bard.google.com and https://chat.openai.com/chat.
   Government	Information about government, government agencies, and government services such as taxation, public services, and emergency services. Sites that discuss or explain laws of various governmental entities. Local, county, state, and national government sites. Examples of websites that fall into this category: http://www.nasa.gov, http://premier-ministre.gouv.fr.
   Gross	Vomit and other bodily functions, bloody clothing, and so forth. Examples of websites that fall into this category: http://ratemyvomit.com, http://bloody-disgusting.com.
   Hacking	Illegal or questionable access to or use of communications equipment or software. Development and distribution of programs that may allow compromising of networks and systems. Avoidance of licensing and fees for computer programs and other systems. Examples of websites that fall into this category: http://hackplayers.com, http://hackforums.net.
   Hate and Racism	Sites that contain content and language in support of hate crimes and racism such as Nazi, neo-Nazi, and Ku Klux Klan. Examples of websites that fall into this category: http://nazi-lauck-nsdapao.com/, http://americannaziparty.com/, http://kkk.com/.
   Health and Medicine	General health, fitness, and well-being, including traditional and non-traditional methods and topics. Medical information about ailments and various conditions, dentistry, psychiatry, optometry, and other specialties. Hospitals and medical offices. Medical insurance. Cosmetic surgery. Examples of websites that fall into this category: http://webmd.com, http://missionvalleymedical.com.
   Home and Garden	Home issues and products, including maintenance, home safety, decor, cooking, gardening, home electronics, and design. Examples of websites that fall into this category: http://homedepot.com, http://waysidegardens.com.
   Hunting and Fishing	Sport hunting, gun clubs, and fishing. Examples of websites that fall into this category: http://fishingworks.com, http://wildlifelicense.com.
   Illegal	Criminal activity, how not to get caught, copyright and intellectual property violations. Examples of websites that fall into this category: http://newid.com, http://kidneykidney.com.
   Image and Video Search	Photo and image searches, online photo albums and digital photo exchange, image hosting. Examples of websites that fall into this category: http://images.google.fr, http://gettyimages.com.
   Individual Stock Advice and Tools	Promotion and facilitation of securities trading and management of investment assets. Information about financial investment strategies, quotes, and news. Examples of websites that fall into this category: http://stockstar.com, http://morningstar.com.
   Internet Communications	Internet telephony, messaging, VoIP services and related businesses. Examples of websites that fall into this category: http://skype.com, http://www.chatib.com/.
   Internet Portals	Web sites that aggregate a broader set of internet content and topics and that typically serve as the starting point for an end user. Examples of websites that fall into this category: http://yahoo.com, http://qq.com.
   Invalid	URLs that do not meet the required format or contain invalid characters.
   Job Search	Assistance in finding employment, tools for locating prospective employers, or employers looking for employees. Examples of websites that fall into this category: http://monster.com, http://51job.com.
   Keyloggers and Monitoring	Downloads and discussion about software agents that track a user's keystrokes or monitor their web surfing habits. Examples of websites that fall into this category: http://keylogger.org, http://spy-tools-directory.com.
   Kids	Sites designed specifically for children and teenagers. Examples of websites that fall into this category: http://www.mundogaturro.com, http://www.ri-ra.ie/.
   Legal	Legal websites, law firms, discussions and analysis of legal issues. Examples of websites that fall into this category: http://www.pepperlaw.com, http://earlcaterlaw.com.
   Local Information	City guides and tourist information, including restaurants, area and regional information, and local points of interest. Examples of websites that fall into this category: http://downtownlittlerock.com, http://sandiegorestaurants.com.
   Low-THC Cannabis Products	Sites with content about low-THC, non-psychoactive products, including CBD oils, resin, extracts, herbs, capsules, supplements, foods, drinks, and toiletries/skin care products. Examples of websites that fall into this category: https://alwayspureorganics.com and https://directhemp.com.
   Malware Sites	Malicious content, including executables, drive-by infection sites, malicious scripts, viruses, trojans, and code. For more information, see http://en.wikipedia.org/wiki/Malware".
   Marijuana	Marijuana use, cultivation, history, culture, legal issues. Examples of websites that fall into this category: http://howtogrowmarijuana.com, http://cannaweed.com.
   Military	Information about military branches, armed services, and military history. Examples of websites that fall into this category: http://defense.gov, http://goarmy.com.
   Motor Vehicles	Car reviews, vehicle purchasing or sales tips, parts catalogs. Auto trading, photos, discussion about vehicles including motorcycles, boats, cars, trucks and RVs. Journals and magazines about vehicle modifications. Examples of websites that fall into this category: http://www.carmax.com, http://trade-a-plane.com.
   Music	Music sales, distribution, streaming, information about musical groups and performances, lyrics, and the music business. Examples of websites that fall into this category: http://itunes.com, http://bandcamp.com.
   News and Media	Current events or contemporary issues of the day. Radio stations and magazines, newspapers online, headline news sites, news wire services, personalized news services, and weather sites. Examples of websites that fall into this category: http://abcnews.go.com, http://newsoftheworld.co.uk.
   Nudity	Nude or seminude depictions of the human body. These depictions are not necessarily sexual in intent or effect, but may include sites containing nude paintings or photo galleries of artistic nature. Nudist or naturist sites that contain pictures of nude individuals. Examples of websites that fall into this category: http://gorod.tomsk.ru/index-1221486260.php, http://www.pornomedia.com/extra/strange/wwbeauty.
   Online Greeting Cards	Online greeting card sites. Examples of websites that fall into this category: http://123greetings.com, http://greeting-cards.com.
   Open HTTP Proxies	Internet-hosted proxies that are available to anyone.
   Parked Domains	URLs that host limited content or click-through ads that may generate revenue for the hosting entities but generally do not contain content useful to the end user. Under construction sites, folders, and web server default home pages. Examples of websites that fall into this category: http://000.com, http://buythisdomain.com.
   Pay to Surf	Sites that pay users in the form of cash or prizes, for clicking on or reading specific links, email, or web pages. Examples of websites that fall into this category: http://cashcrate.com, http://inboxdollars.com.
   Peer to Peer	Peer-to-peer clients and access. Torrents, music download programs. Examples of websites that fall into this category: http://mininova.org, http://bitcomet.com/.
   Personal Sites and Blogs	Personal websites and blogs posted by individuals or groups. Examples of websites that fall into this category: http://blogger.com, http://wordpress.org.
   Personal Storage	Online storage and posting of files, music, pictures, and other data. Examples of websites that fall into this category: http://box.net, http://freefilehosting.net.
   Philosophy and Political Advocacy	Politics, philosophy, discussions, promotion of a particular viewpoint or stance to further a cause. Examples of websites that fall into this category: http://deomcrats.org, http://political.com.
   Phishing and Other Frauds	Phishing, pharming, and other sites that pose as a reputable site, usually to harvest personal information from a user. These sites are typically quite short-lived, so examples do not last long. For more information, see http://en.wikipedia.org/wiki/Phishing".
   Private IP Addresses	Private IP addresses that are used as the host part of a URL.
   Proxy Avoidance and Anonymizers	Proxy servers and other methods to gain access to URLs in any way that bypasses URL filtering or monitoring. Web-based translation sites that circumvent filtering. Examples of websites that fall into this category: http://anonymouse.org, http://surfen-op-school.com.
   Questionable	Tasteless humor, get-rich-quick sites, and sites that manipulate the browser user experience or client in some unusual, unexpected, or suspicious manner. Examples of websites that fall into this category: http://9gag.com, http://collegehumor.com.
   Real Estate	Information about renting, buying, or selling real estate or properties. Tips about buying or selling a home. Real estate agents, rental or relocation services, and property improvement. Examples of websites that fall into this category: http://prudentialproperties.com, http://realtor.com.
   Recreation and Hobbies	Information, associations, forums and publications about recreational pastimes such as collecting, kit airplanes, outdoor activities such as hiking, camping, rock climbing, specific arts, craft, or techniques. Animal- and pet-related information, including breed specifics, training, shows, and humane societies. Examples of websites that fall into this category: http://petloverspublications.com, http://craftster.org.
   Reference and Research	Personal, professional, or educational reference material, including online dictionaries, maps, census, almanacs, library catalogs, genealogy, and scientific information. Examples of websites that fall into this category: http://reference.com, http://wikipedia.org.
   Religion	Conventional or unconventional religious or quasi-religious subjects. Churches, synagogues, or other houses of worship. Examples of websites that fall into this category: http://therocksandiego.org, http://biblesociety.ca.
   Search Engines	Search interfaces using key words or phrases. Returned results may include text, websites, images, videos, and files. Examples of websites that fall into this category: http://google.com, http://sogou.com.
   Self-Harm	URLs promoting anorexia, bulimia, and other types of self-harm. Examples of websites that fall into this category: https://lostallhope.com and https://poemsofselfharm.tumblr.com.
   Sex Education	Information about reproduction, sexual development, safe sex practices, sexually transmitted diseases, sexuality, birth control, sexual development, tips for better sex. Products used for sexual enhancement, and contraceptives. Examples of websites that fall into this category: http://sexetc.org, http://healthywomen.org/healthcenter/sexual-health.
   Shareware and Freeware	Software, screensavers, icons, wallpapers, utilities, ringtones. Downloads that request a donation, open source projects. Examples of websites that fall into this category: http://download.com, http://sourceforge.net.
   Shopping	Department stores, retail stores, company catalogs, and other sites that allow online consumer or business shopping and the purchase of goods and services. Examples of websites that fall into this category: http://amazon.com, http://groupon.com.
   Social Network	Social networking sites that have user communities in which users interact, post messages, pictures, and otherwise communicate. These sites were formerly part of Personal Sites and Blogs, but have been moved to this new category to allow for differentiation and more granular policy. Examples of websites that fall into this category: http://facebook.com, http://twitter.com.
   Society	A variety of topics, groups, and associations relevant to the general populace, broad issues that impact a variety of people, including safety, children, societies, and philanthropic groups. Examples of websites that fall into this category: http://dar.org, http://unicefusa.org.
   Spam URLs	URLs contained in spam. For more information, see http://en.wikipedia.org/wiki/Spam_(electronic).
   Sports	Team or conference web sites, international, national, college, professional scores and schedules; sports-related online magazines or newsletters, fantasy sports, and virtual sports leagues. Examples of websites that fall into this category: http://nba.com, http://schoenen-dunk.de.
   Spyware and Adware	Spyware or adware sites that provide or promote information gathering or tracking that is unknown to, or without the explicit consent of, the end user or the organization. Unsolicited advertising popups and programs that may be installed on a user's computer. For more information, see http://en.wikipedia.org/wiki/Spyware.
   Streaming Media	Sales, delivery, or streaming of audio or video content, including sites that provide downloads for viewers. Examples of websites that fall into this category: http://youtube.com, http://ustream.tv, http://warpradio.com.
   Swimsuits & Intimate Apparel	Swimsuits, intimate apparel, or other types of suggestive clothing. Examples of websites that fall into this category: http://victoriassecret.com, http://www.jockey.com.
   Training and Tools	Distance education and trade schools, online courses, vocational training, software training, skills training. Examples of websites that fall into this category: http://trainingtools.com, http://prezi.com.
   Translation	URL and language translation sites that allow users to see URL pages in other languages. These sites can also allow users to circumvent filtering as the target page's content is presented within the context of the translator's URL. These sites were formerly part of Proxy Avoidance and Anonymizers, but have been moved to this category to allow for differentiation and more granular policy. Examples of websites that fall into this category: http://translate.google.com, http://microsofttranslator.com.
   Travel	Airlines and flight booking agencies. Travel planning, reservations, vehicle rentals, descriptions of travel destinations, or promotions for hotels or casinos. Car rentals. Examples of websites that fall into this category: http://cheapflights.com, http://expedia.com.
   Uncategorized	Sites that are not in the categorization database.
   Unconfirmed spam sources	URLs that are suspected of being involved in the distribution of spam.
   Unverified	Versa uses advanced AI/ML (Artificial Intelligence / Machine Learning) techniques to identify Typosquatting, Punycode in URLs, and character substitution in URLs. If the categories of such URLs are already known, then further action is taken based on Real Time Protection Policy rules or a URL Filtering Profile. If the category is unknown, and the URL closely matches other known FQDNs, then this "Unverified" category is returned. A tenant administrator could block such URLs or specify some other action, such as redirect to Captive Portal.
   Violence	Sites that advocate violence, depictions, and methods, including game/comic violence and suicide. Examples of websites that fall into this category: http://happytreefriends.com, http://torturegame.org.
   Weapons	Sales, reviews, or descriptions of weapons such as guns, knives or martial arts devices, or provide information about their use, accessories, or other modifications. Examples of websites that fall into this category: http://browning.com, http://e-gunparts.com.
   Web Advertisements	Advertisements, media, content, and banners. Examples of websites that fall into this category: http://casalemedia.com, http://justwebads.com.
   Web-Based Email	Sites offering web-based email and email clients. Examples of websites that fall into this category: http://google.com/mail, http://foxmail.com.
   Web Hosting Sites	Free or paid hosting services for web pages and information concerning their development, publication, and promotion. Examples of websites that fall into this category: http://siteground.com, http://bluehost.com.

9. Click Next to configure match criteria based on users and groups. 

Configure SASE Users and Groups, User Confidence Bands, and User Device Groups for Internet Protection Rules

You create user and group security rules to detect the users and groups who are using applications on your network. These rules can help to identify users who may have transferred files or transmitted threats. User and group rules identify users based on their name or role rather than their IP address. In Releases 12.2.2 and later, you can also select the user confidence bands and user device groups to include in the match criteria. 

To configure users and groups, user confidence bands, and user devices groups match criteria:

1. In the Create Internet Protection Rule screen, select Step 2, User & Groups. By default, all users and groups, user confidence bands, and user device groups are included in the match.
   
   
    
2. To accept the default, click Next to continue to Step 3, Endpoint Posture.
3. To change the users and groups to include in the match list, click Customize in the Users & Groups box. The Users & Groups screen displays with All Users selected by default. 
   
   
    
4. You can choose the following user types to include in the match list:
   • All Users—Apply the security policy to all users, whether whether they are authenticated (known) or not authenticated (unknown)
   • Selected Users—Apply the security policy to users or groups from IdP that you select
   • Known Users—Apply the security policy to all authenticated users
   • Unknown Users—Apply the security policy only to users that are not authenticated
      
5. If you choose Selected Users, the following screen displays. You can choose user groups, individual users, or both user groups and users to include.
   
   
   1. In the Enable Internet Protection for the Following Matched Users or User Groups field, select one or more users or user groups.
   2. In the Search for User Groups bar, select the group to use.
   3. Under the User Groups tab, select the user groups to include in the match list, or type the name of a user group in the search box and then select it from the search results.
   4. To create a new user group based, click + Add New User Group. In the Add User Group window, enter a user group name and a distinguished name (DN) in the fields provided.
      
      
       
   5. Click Add.
6. To enable internet protection for selected users, click the Users tab in the submenu. The following screen displays.
   
   
    
   1. In the Enable Internet Protection for the Following Matched Users or User Groups field, select one or more users or user groups.
   2. Under the Users tab, select the users to include in the match list, or type the name of a user in the search box and then select it from the search results.
   3. To create a new user, click + Add New User. In the Add User window, enter a username and the user's work email in the fields provided.
      
      
       
   4. Click Add.
       
7. Click Back to return to the main Users & Groups screen.
8. To change the user confidence bands to include in the match list, click Customize in the User Confidence Bands box. The following screen displays.
   
   
9. Select one or more confidence bands from the drop-down list. The options are:
   • Trustworthy
   • Low Risk
   • Moderate Risk
   • High Risk
   • Suspicious
     ​​​​​​
10. Click  Back to return to the main Users & Groups screen.
11. To change the user device groups to include in the match list, click Customize in the User Device Groups box. The following screen displays.
    
    
     
12. Select one or more user device groups to include in the match list. 
13. Click Back to return to the main Users & Groups screen, or click Next to continue to Step 3, Endpoint Posture match criteria.

Configure Endpoint Posture for Internet Protection Rules

For Release 12.2.1 and later.

Endpoint posture allows you to select predefined and user-defined Endpoint Information Profiles (EIP) to include in the match criteria for internet protection rules. For information about configuring EIPs, see Configure Endpoint Information Profiles.

Endpoint posture also allows you to create additional match criteria by choosing a device/endpoint risk score to attribute to the entities within the network’s policy rule. This score helps determine the credibility and the likelihood of activities being legitimate or malicious. These match criteria can then be used when creating policies and rules. For more information, see Configure Endpoint Detection and Response. 

To select EIPs to include in internet protection rule match criteria:

1. In the Create Internet Protection Rule screen, select Step 3, Endpoint Posture. The following screen displays.
   
   
    
2. To customize an EIP, click Customize in the EIP pane. The following screen displays.
   
   
    
3. To create a new EIP profile, click  Create New EIP Profile. For more information, see Configure Endpoint Information Profiles.
4. To add a user-defined EIP, select the User Defined tab, then click  Add Existing EIP Profile. In the Add User Defined EIP Profiles popup window, select an EIP profile from the drop-down list.
   
   
    
5. Click Add.
6. To add additional user-defined EIP profiles, repeat Steps 2 and 3.
7. To add a predefined EIP profile, select the Predefined tab in the Endpoint Information Profile (EIP) screen, then click  Add Existing EIP Profile. In the Add Predefined EIP Profiles popup window, select an EIP profile from the drop-down list.
   
   
    
8. Click Add.
9. To add additional predefined EIP profiles, repeat Steps 5 and 6.
10. Click the  Back arrow to return to the Endpoint Posture screen.

To configure a device/endpoint risk score:

1. In the Endpoint Posture screen, click Customize in the Device/Endpoint Risk Score pane. The following screen displays.
   
   
    
2. Select one or more entity risk scores from the list. The options are:
   • High Risk (80–100)
   • Suspicious (60–80)
   • Moderate Risk (40–60)
   • Low Risk (20–40)
   • Trustworthy (0–20)
      
3. Click the  Back arrow to return to the Endpoint Posture screen, or click Next to go to Step 4, Geo Locations.

Configure SASE Geographic Location for Internet Protection Rules

Versa SASE internet protection rules provide a list of predefined regions that you can use to create filter profiles based on geographic location for both source and destination. By default, all source and destination locations are included in the match list. This means that no filtering is done based on location and traffic flows to all destinations. You can customize the location by selecting the country, state, and city to include in the match list.

To configure geographic location internet protection rule match criteria:

1. In the Create Internet Protection Rule screen, select Step 4, Geo Locations.
   
   
    
2. To accept the default, click Next to continue to Step 5, Network Layer 3-4 match criteria.
3. To change the source geographic locations to include in the match list, click Customize under Source Geolocation. The Source Geo Location screen displays.
   
   
    
4. Click Clear All to remove all the default source locations. (Because all locations are selected by default, they are not displayed).
5. (For Releases 12.2.1 and later.) To customize the geographic location by by country, state, or city, click the down arrow in the Country box. The Selected section lists the country, state, or city with name and location type. 
   
   
   1. Select Country, and then select one or more countries from the list. The map changes to highlight the countries that are selected.
   2. Select State, and then enter the name of the state and select the state from the list.
   3. Select City, and then enter the name of the city and select the city from the list.
6. To remove a location from the selected list, click the X next to the location type name.
7. To remove all locations from the selected list, click Clear All.
8. In the Source Geo Location screen, click the  Back arrow to go to Step 4, Geo Locations screen.
9. To customize the destination geographic locations to include in the match list, click Customize under Destination Geo Location. The Destination Geo Location screen displays.
   
   
    
10. Click Clear All to remove all the default destination locations. (Because all locations are selected by default, they are not displayed).
11. Repeat Steps 5 to 7 to change the destination locations.
12. Click Next to go to Step 5, Network Layer 3-4 screen, or click the  Back arrow to return to the Step 4, Geo Location screen.

Configure SASE Network Layer 3 and Layer 4 Criteria for Internet Protection Rules

You can create internet protection rule match criteria based on the following:

• Services—You can create match criteria based on Layer 4 services. Versa supports 741 predefined Layer 4 services. You can also create your own services. 
• Source and destination of traffic—You can create match criteria based on Layer 3 source and destination addresses, source sites and zones, and destination sites and zones.
• Schedules—You can create schedules that set a start time and date and an end time and date during which the policy will be in effect.

To configure network rules based on network Layer 3 and Layer 4 match criteria:

1. In the Create Internet Protection Rule screen, select Step 5, Network Layer 3-4. By default, all Layer 4 services and all source and destination traffic is included in the match, and no schedules have been configured.
   
   
    
2. To accept these defaults, click Next to continue to Step 6, Security Enforcement rules.

Configure Security Enforcement Actions for SASE Internet Protection Rules

You use Versa SASE security enforcement rules to define the actions to take on traffic that meets previously defined match conditions and to define the security enforcement actions that you can apply to matching traffic. You can select profiles under Filtering Profiles, Malware Protection & IPS, Cloud Access Security Broker (CASB), Data Loss Prevention (DLP) profiles, Advanced Threat Protection (ATP), and Remote Browser Isolation (RBI), as shown below.

You can apply either one security enforcement action or one security enforcement profile to matching traffic.

You can specify the following security enforcement actions:

• Allow—Allow all traffic that matches the rule to pass unfiltered.
• Deny—Drop all traffic that matches the rule.
• Reject—Drop the session and send a TCP reset (RST) message or a UDP ICMP port unreachable message.
• Profiles—Allow all traffic that match the selected security profile rules.

For Filtering Profiles, you can choose a predefined security enforcement profiles to allow or reject traffic, or you can create a customized version of any of the predefined profiles. The following are the predefined Filtering Profiles security enforcement profiles:

• URL filtering—Prevents access to specific URLs, controlling access to secure (HTTPS) and unsecure (HTTP) websites, thus allowing you to limit web-browsing activity and reduce risks from uncontrolled access to internet websites, including threat propagation, loss of data, and lack of compliance.
  
  Note: In addition to using predefined URL-filtering profiles, you can create custom URL-filtering profiles and associate them with internet protection rules. For more information, see Configure Custom URL-Filtering Profiles.
   
• IP filtering—Identifies network traffic based on the source or destination IP address or fully qualified domain name (such as www.acme.com) and filters or blocks traffic based on its IP address or FQDN and based on the reputation associated with an IP address or FQDN and its geographic location.
  Note: In addition to using predefined IP-filtering profiles, you can create custom IP-filtering profiles and associate them with internet protection rules. For more information, see Configure Custom IP-Filtering Profiles.
• File filtering—Reduces the risk of attacks from unwanted and malicious files, protecting against virus and vulnerabilities that are associated with various types of files. File filtering is performed based on the file type and the hash of the file. File filtering can block files associated with specific applications, files of specific sizes, files associated with specific protocols, and files traveling in a particular direction.SHA-based hash lists of files can mark potentially dangerous files for blocking and to mark safe files for allowing. File filtering to perform reputation-based file hash lookups on a cloud server.
  Note: In addition to using predefined file-filtering profiles, you can create custom file-filtering profiles and associate them with internet protection rules. For more information, see Configure Custom File-Filtering Profiles.
• Domain Name System (DNS) filtering—Blocks access to websites, webpages, and IP addresses, to provide protection from malicious websites, such as known malware and phishing sites.
  Note: In addition to using predefined DNS-filtering profiles, you can create custom DNS-filtering profiles and associate them with internet protection rules. For more information, see Configure Custom DNS-Filtering Profiles.

For Malware Protection & IPS, you can choose the following profiles:

• Malware protection—Scans web and email traffic for all types of malicious software (malware), which is a file or code that infects, explores, steals or otherwise damages servers and host devices.
• Intrusion protection system (IPS)—Identifies malicious activity using signatures, which are rules for matching suspicious software or patterns in an application's traffic, and by monitoring for unusual events or trends in network traffic.

For Cloud Access Security Broker (CASB), you can use custom CASB profiles or add CASB profiles from the CASB tab. For more information, see Configure CASB Profiles.

For Data Loss Prevention (DLP), you can use predefined or user-defined profiles. For more information, see Configure Data Loss Prevention in Concerto.

For Advanced Threat Protection (ATP), you can use predefined or user-defined profiles. For more information, see Configure Advanced Threat Protection.

For Remote Browser Isolation, you can use user-defined profiles. For more information, see Configure Remote Browser Isolation.

By default, the Filtering Profiles and Malware & IPS profiles have predefined VersaEasy configurations. You can use the predefined VersaEasy configurations, or you can create a custom profile.

Review and Deploy Internet Protection Rules

The final step in configuring internet protection rules is to review the choices you have made, edit them if needed, and then deploy the rule.

To review and deploy the internet protection rule:

1. In the Security Enforcement screen, select Review and Deploy and then enter information for the following fields.
   
   
    

   Field	Description
   Name (Required)	Enter a name for the rule. The name can be a maximum of 63 characters and can include alphanumeric characters, underscores, and hyphens.
   Description (Optional)	Enter a description for the rule.
   Tags (Optional)	Enter a text string or phrase to associate with the rule. A tag is an alphanumeric text descriptor with no white spaces or special characters that you can use to search rules. You can specify multiple tags.
   Rule is Enabled	Click the slide bar to enable the rule:   Click the slide bar again to disable the rule:

2. To modify the information in a section, click the  Edit icon, then make the changes to the configuration.
3. Click Save to deploy the new internet protection rule.

Supported Software Information

Releases 11.1.1 and later support all content described in this article, except:

• Release 11.4.1 provides separate tabs for Source Address, Destination Address, Source Zones and Sites, and Destination Zones and Sites for SASE Source and Destination Traffic for Internet Protection Rules.
• Release 12.1.1 allows you to clone Internet Protection Rules.
• Release 12.2.1 adds support to customize geographic locations by country, region, and city, and supports the VPN name option to include in the source address match list; allows you to create additional match criteria by choosing a device/endpoint risk score to attribute to the entities within the network’s policy rule; adds support for configuring RBI profiles; deprecated predefined applications are not displayed in the Concerto UI screens; adds support for the built-in GenAI_Firewall internet protection rule.
• In Release 12.2.2, under the Security Enforcement tab, the Secure Web Gateway (SWG) subtab was renamed Filtering Profiles and a new Malware Protection & IPS subtab was created, which contains the Malware Protection and Intrusion Protection System (IPS) profiles. 

Additional Information

Configure CASB Profiles
Configure Custom DNS-Filtering Profiles
Configure Custom File-Filtering Profiles
Configure Custom IP-Filtering Profiles
Configure Data Loss Prevention in Concerto
Configure SASE Private Application Protection Rules
Configure SASE Secure Client Access Rules