Understand the Default Web Access Policies
Focus
Focus
Network Security

Understand the Default Web Access Policies

Table of Contents

Understand the Default Web Access Policies

Understand the Default Web Access Policies
Where Can I Use This?What Do I Need?
  • Prisma Access (Managed by Strata Cloud Manager)
  • NGFW (Cloud Managed)
Check for any license or role requirements for the products you're using.
  • Prisma Access license or AIOps for NGFW license
Web Security policies apply to outbound traffic and web applications. When you enable Web Security, the following are enabled by default, but you can adjust these settings later:
  • Best Practice Decryption
    • Best practice settings for decryption are enabled.
  • Global Web Access
    • Blocks certain URL categories and allows all others with default Threat Management and DNS Security settings enabled.
    • Blocks high-risk web applications and allows all others with default Threat Management and DNS Security settings enabled.
    • You can adjust these settings later.
  • Global Catch All
    • Allows web traffic with default Threat Management and DNS Security settings enabled.
Threat Management and DNS Security settings are based on the following global defaults, but can be adjusted as needed:
  • Vulnerability Protection
    • Blocks medium and above criticality threats. Advanced settings let you configure these settings for individual threat categories.
  • Wildfire
    • Enabled for upload and download of all file types.
  • Detect Command-And-Control (C2) Activity
    • Blocks medium and above criticality threats. Advanced settings let you configure these settings for individual threat categories
  • Malware Protection
    • Enabled with default actions for http and http2 decoders.
  • DNS Security
    • Enabled with default (best-practices) actions for supported threat categories. This is only for outbound DNS traffic.

Override Default Web Security Rules

Security Settings for Web Security come from the WebSecurity Snippet by default, but you can override those settings with your own custom settings or by using a standard profile. Default Web Access policies come from the Web Security Snippet and can be overridden at any scope.