Creating an Internet Access Control Rule

Configure an internet access control rule to protect your users' internet access whether they are on or off your corporate network.


Trend Micro Vision One automatically creates a default rule to apply whenever no other internet access rules are matched. The default rule allows unrestricted access to the internet.

  1. On the Secure Access Rules screen, click the Internet Access Control tab and then click Create Rule.

    The rule configuration screen appears with the Web access control rule template selected.

  2. Specify a unique name and a description for the rule.
  3. (Optional) To enable or disable the rule, click the toggle next to Status.

    You can also enable or disable rules on the Internet Access Control tab.

  4. Configure the following rule factors.

    Rule Factor




    The users and locations that the rule applies to

    User/user groups

    Specify users and groups from your IAM system.


    If you have configured more than one IAM system, the IAM system with SSO enabled applies.


    Specify Internet Access Gateways, corporate network locations, or public/home network locations with specified IP addresses or geographic region.

    • Corporate network locations identify user traffic from known locations, such as the corporate headquarters, a branch office, or company VPN. Corporate network locations access the internet through a specified Internet Access Gateway. You can add corporate network locations from the Internet Access Control tab.

      For more information, see Internet Access Gateways and Corporate Network Locations.

    • Public/home network locations identify roaming users, such as users connecting to public Wi-Fi networks or working from home. Public/home network locations are defined by IP address or geographic region.


      To define a new public/home network location using one or more IP addresses, click Add IP address group.


    The internet content that the rule applies to


    Specify URL categories, cloud app categories, and file types.

    • Expand Custom cloud app categories and apply the rule to URL lists predefined by Trend Micro or customized by the admin.

      For more information, see Custom Cloud App Categories.

    • Expand Specific actions for supported cloud apps and apply the rule to actions within apps. (For example, you could block file downloads from Facebook.)

    • Expand URL categories and apply the rule to URL categories predefined by Trend Micro or customized by the admin.

      For more information, see Custom URL Categories.

    Content types

    Specify media types, file names, or true file types as defined by file profiles.

    For more information, see File Profiles.


    The weekly period that the rule is applied


    The schedule uses the defined time zone of corporate network locations or UTC+0 for public/home network locations.


    The action taken when the rule is triggered

    Access control

    Allow, block, or monitor access to the specified internet content.


    Select Monitor URL/Cloud App Access to allow the internet access but log the activity.

    For more information about actions, see Zero Trust Actions.

    Advanced security settings

    If you select Allow URL/Cloud App Access or Monitor URL/Cloud App Access, you can choose to scan and potentially block internet content defined by Threat Protection profiles and Data Loss Prevention profiles.

    For more information, see Threat Protection Profiles and Data Loss Prevention Profiles.

  5. Click Save.

    You can view the rule on the Internet Access Control tab.