Configure an internet access control rule to protect your users' internet access whether they are on or off your corporate network.

Trend Vision One automatically creates a default internet access rule to apply when no other internet access rules are triggered. The default rule allows unrestricted access to the internet.


  1. Go to Secure Access Rules > Internet Access Control and click Create Rule.
    The rule configuration screen appears with the Web access control rule template selected.
  2. Specify a unique name and optional description for the rule.
  3. Choose whether to enable or disable the rule by clicking the toggle next to Status.
    You can also enable or disable rules on the Internet Access Control screen.
  4. Configure the rule parameters.
    Rule Parameter
    Users, devices, and locations targeted by or excluded from the rule
    • Users/Groups/Private IP address groups: Target or exclude users or groups registered with your configured SSO provider. You may alternatively target or exclude private IP address groups from your internal corporate network locations.
      • Only users or groups from the IAM system configured as your SSO provider can be used in rules.
      • Define a new IP address group by clicking Add. The IP addresses or ranges must exist on your internal corporate network.
      Rules may not apply to devices that do not have the Secure Access Module installed and whose HTTP/HTTPS requests do not contain the X-Forwarded-For (XFF) header field, because the Internet Access Gateway cannot retrieve the private IP addresses of these devices.
    • Device posture profile: Select or add a device posture profile to exclude compliant devices that have the Secure Access Module installed.
    • Locations: Target available corporate or public/home network locations as defined on your Internet Access Cloud Gateway or Internet Access On-Premises Gateways.
      • Define network locations on particular gateways by going to Secure Access Configuration > Internet Access Configuration > Gateways.
    Web traffic and content targeted by the rule
    The time period the rule is active
    Choose Custom to set a weekly schedule. Check Only apply the rule during the specified period and choose a date range to set a specific period.
    Schedules use the time zones defined in your corporate network locations. Connections from public or home networks use UTC+0.
    Actions taken when the rule is triggered
    • Access control: Allow, block, or monitor access to the specified internet content, or warn users before access.
      • When warn before access is chosen, users must click a Continue button to access the content. The content is available with no restrictions for 24 hours, after which the user is warned again.
    • Advanced security settings:
      Advanced security settings are not available if you choose to block content access.
  5. Click Save.
    View all available rules on the Internet Access Control screen.
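
The X-Forwarded-For limitation noted under step 4 can be checked before you rely on a rule scoped to a private IP address group. The following is an added example, not Trend Micro code: it models the matching logic under the assumptions that the first private address in XFF is the client and that group entries are single IPs, CIDR blocks, or `start-end` ranges; the group and request headers are constructed sample data.

```python
import ipaddress

def parse_group(entries):
    """Expand group entries (single IP, CIDR, or 'start-end') into networks."""
    nets = []
    for entry in entries:
        if "-" in entry:
            start, end = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
            nets.extend(ipaddress.summarize_address_range(start, end))
        else:
            nets.append(ipaddress.ip_network(entry.strip(), strict=False))
    return nets

def forwarded_private_ip(headers):
    """Return the first private address in X-Forwarded-For, or None."""
    xff = next((v for k, v in headers.items() if k.lower() == "x-forwarded-for"), "")
    for token in xff.split(","):
        try:
            addr = ipaddress.ip_address(token.strip())
        except ValueError:
            continue  # skip empty or malformed entries such as "unknown"
        if addr.is_private:
            return addr
    return None

def group_rule_can_match(headers, group_nets):
    """True when a rule scoped to this IP address group has an address to match."""
    addr = forwarded_private_ip(headers)
    return addr is not None and any(addr in net for net in group_nets)

# Constructed sample data (hypothetical group and requests).
HQ_GROUP = parse_group(["10.20.0.0/16", "192.168.50.10-192.168.50.20"])
SAMPLE_REQUESTS = {
    "proxy adds XFF": {"Host": "example.com", "X-Forwarded-For": "10.20.4.7"},
    "range member": {"X-Forwarded-For": "192.168.50.15, 203.0.113.9"},
    "no XFF header": {"Host": "example.com"},
    "outside group": {"x-forwarded-for": "172.16.1.1"},
}

def audit(requests=SAMPLE_REQUESTS, group=HQ_GROUP):
    """Map each sample request to whether the group-scoped rule could apply."""
    return {name: group_rule_can_match(h, group) for name, h in requests.items()}

if __name__ == "__main__":
    for name, ok in audit().items():
        print(f"{name:15} -> {'matchable' if ok else 'group rule cannot apply'}")
```

Requests reported as unmatched fall through to other rules or to the default rule, which allows unrestricted access. Have the forwarding proxy set or overwrite XFF itself, since a value passed through from the client is not trustworthy.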