Each policy can be as general or
specific as needed. Policies are compared against incoming traffic in sequence, and
because
the first policy that matches the traffic is applied, the more specific policies must
precede
the more general ones. For example, a policy for a single IP address must come before
a rule
for a network range that includes the single IP address if all other traffic-related
settings
are the same.
Policies define what actions to take if there is a traffic match: allow the
traffic while bypassing scanning, block the traffic, or scan the traffic and perform
the
appropriate action configured for each risk level.
 |
NoteUnder certain circumstances, for example if the file size is large or the network
is slow,
Deep Discovery Web
Inspector triggers a deferred scan
where part of the file is passed to the requesting client while Deep Discovery Web
Inspector scans the remainder of the
file. If a deferred scan is triggered, no notification will be displayed in client
side. If
Deep Discovery Web
Inspector determines the file is
malicious after the scan finishes, a notification page is not displayed on the client;
however, the client only receives part of file data. Deep Discovery Web
Inspector will not send the last chunk
of received data to the client's browser. This results in an incomplete file on the
client
that is unusable and cannot be opened.
|
-
Policies contain specified policy parameters that are composed of traffic sources, domain objects, and selected file types.
- The traffic source parameter includes four options that you can select: any, network
objects, users and groups, and guest users.
-
Network objects are configured under user-defined settings, and can be created ahead of time or at the time of policy creation.
-
To select users and groups, you must configure Microsoft Active Directory Services ahead of time.
-
-
Domain objects are configured under user-defined settings, and can be created ahead of time or at the time of policy creation.
-
The file types are predefined and include archives, executables, Office documents, PDF files, and script files.