Modify Default GenAI App Access Policy Rule to Control GenAI Access

Modify the default GenAI App policy rules in Strata Cloud Manager to control GenAI App usage in your enterprise.
Where Can I Use This?
  • NGFW (Managed by Strata Cloud Manager)
  • Prisma Access (Managed by Strata Cloud Manager)
What Do I Need?
One of the following:
  • AI Access Security license
  • CASB-PA license
  • CASB-X license
Modify the Default GenAI App Policy rule in Strata Cloud Manager to control GenAI App usage in your enterprise.
  • In Strata Cloud Manager, even though you can create policy rules through Security Policies for GenAI Apps, it is recommended that you use Web Security to create policy rules efficiently.
  • It's not recommended to have both GenAI and non-GenAI apps in the same policy if the Enterprise Data Loss Prevention (E-DLP) license isn't active.
For Strata Cloud Manager, the Default Web Access Policies like Global Web Access and Global Catch All policy rules are used to control outbound traffic and web applications. To control the use of GenAI applications in your enterprise with an out of the box policy, use the Default GenAI App Access policy rules (under Default Web Access Policies). By default, this policy blocks all GenAI apps across your enterprise. To modify this policy:
  1. Log in to Strata Cloud Manager.
  2. Select Manage > Configuration > NGFW & Prisma Access > Security Services > Web Security and select your target Configure Scope.
  3. In the Default GenAI App Access section, click the predefined Default GenAI App Access policy rule.
    This policy controls the access to GenAI applications.
  4. Enable the Default GenAI App Access policy. It's disabled by default.
  5. Select GenAI App Access Policy and open the configuration page.
  6. In the Blocked Web Applications section, select + to add a specific Application Group, Applications, or a Custom Application Group to this list. Select X to delete existing GenAI applications from the list.
    The default list of blocked GenAI applications includes GenAI Conversational Chat, GenAI Image Editor Generator, and so on.
  7. In the Allowed Web Applications section, select Add to add a specific Application Group, Applications, or a Custom Application Group to this list. Select - to delete existing GenAI applications from the list.
  8. In the Blocked URL Categories section, select + to add specific URL categories, Multi-Category URLs, or Dynamic URL Lists that cover malicious and high-risk URL categories. Select X to delete existing URLs from this list.
  9. In the Allowed URL Categories section, select + to explicitly allow URL/custom categories in your enterprise. Select X to delete existing URL categories from this list.
    You can't modify the name and description of the Default GenAI App Access policy.
  10. Save.
  11. Push Config and Push.