Procedure

1. Go to Policy → Policy.
2. Click Add.
3. Specify a policy name between 1 and 64 characters.
4. Optionally, specify a description between 1 and 128 characters.
5. Enable or disable the policy.
6. Configure Traffic source by selecting one of the following:
   • Any
     The policy applies to all networks, Active Directory users/groups, and guest users.
   • Selected users and groups
     The policy applies only to specific Active Directory users or groups.
     Under the All users and groups section, search for and add the users/groups to include as a traffic source. You can choose users and groups only if Active Directory Services is configured and only from domains that are included in the Active Directory Services configuration.

     Note Deep Discovery Web Inspector uses CommonName (CN) to perform user/group searches when selecting users/groups as a traffic source.

   • Selected network objects
     The policy applies only to specific network objects.
     Select and then move one or more objects from the available network objects list to the selected network objects list. You can create a new network object to include in the policy by clicking Add New Network Object.
     See Adding/Editing Network Objects.
   • Guest users
     The policy applies only to users that authenticate on the network using a designated guest account.

   Note You can configure exceptions if you chose Selected users and groups or Selected network objects as the traffic source. See How Exception Lists Are Used.

7. Configure Domain objects by selecting one of the following:
   • Any
     The policy applies to all domain objects.
   • Selected domain objects
     The policy applies only to specific domain objects.
     Move one or more objects from the available domain objects box to the selected domain objects box. You can create a new domain object to include in the policy by clicking on Add New Domain Object.
     See Adding/Editing Domain Objects.
8. Configure File types by selecting one of the following:
   • Any
     The policy applies to all defined file types.
   • Selected file types
     The policy applies to only specific file types.
     Move one or more file types from the available file types box to the selected file types box. The available file types are predefined and cannot be configured.
9. Select the Action.
   • Allow
     If the traffic matches the policy, allow the traffic while bypassing scanning.
   • Block
     If the traffic matches the policy, block the traffic.
   • Scan
     If the traffic matches the policy, scan the traffic and perform the appropriate action configured for each risk level.
10. If you configured Scan as the action, perform the following:
    1. Configure which action to take (Block or Monitor) for each risk level if this policy is matched.
    2. Enable or disable Patient-Zero.
       If Patient Zero Protection is enabled, objects that are sent to the Virtual Analyzer sandbox for analysis are temporarily held (neither delivered to the endpoint nor blocked) while waiting for sandbox analysis to complete. Once analysis is complete, depending on the outcome of the analysis, the appropriate action is taken.
11. Click Save.