Information About How Policies Work Parent topic

Each policy can be as general or specific as needed. Policies are compared against incoming traffic in sequence, and because the first policy that matches the traffic is applied, the more specific policies must precede the more general ones. For example, a policy for a single IP address must come before a rule for a network range that includes the single IP address if all other traffic-related settings are the same.
Policies define what actions to take if there is a traffic match: allow the traffic while bypassing scanning, block the traffic, or scan the traffic and perform the appropriate action configured for each risk level.
Note
Note
Under certain circumstances, for example if the file size is large or the network is slow, Deep Discovery Web Inspector triggers a deferred scan where part of the file is passed to the requesting client while Deep Discovery Web Inspector scans the remainder of the file. If a deferred scan is triggered, no notification will be displayed in client side. If Deep Discovery Web Inspector determines the file is malicious after the scan finishes, a notification page is not displayed on the client; however, the client only receives part of file data. Deep Discovery Web Inspector will not send the last chunk of received data to the client's browser. This results in an incomplete file on the client that is unusable and cannot be opened.
  • Policies contain specified policy parameters that are composed of traffic sources, domain objects, and selected file types.
  • The traffic source parameter includes four options that you can select: any, network objects, users and groups, and guest users.
    • Network objects are configured under user-defined settings, and can be created ahead of time or at the time of policy creation.
    • To select users and groups, you must configure Microsoft Active Directory Services ahead of time.
      See Active Directory Services.
  • Domain objects are configured under user-defined settings, and can be created ahead of time or at the time of policy creation.
  • The file types are predefined and include archives, executables, Office documents, PDF files, and script files.