Network Security
Understand the Default Web Access Policies
Table of Contents
Understand the Default Web Access Policies
Understand the Default Web Access Policies
Web Security policies apply to outbound traffic and web applications. When you enable Web
Security, the following are enabled by default, but you can adjust these settings
later:
- Best Practice Decryption
- Best practice settings for decryption are enabled.
![]()
- Global Web Access
- Blocks certain URL categories and allows all others with default Threat Management and DNS Security settings enabled.
- Blocks high-risk web applications and allows all others with default Threat Management and DNS Security settings enabled.
- You can adjust these settings later.
- Global Catch All
- Allows web traffic with default Threat Management and DNS Security settings enabled.
Threat Management and DNS Security settings are based on the following global
defaults, but can be adjusted as needed:
- Vulnerability Protection
- Blocks medium and above criticality threats. Advanced settings let you configure these settings for individual threat categories.
- Wildfire
- Enabled for upload and download of all file types.
- Detect Command-And-Control (C2) Activity
- Blocks medium and above criticality threats. Advanced settings let you configure these settings for individual threat categories
- Malware Protection
- Enabled with default actions for http and http2 decoders.
- DNS Security
- Enabled with default (best-practices) actions for supported threat categories. This is only for outbound DNS traffic.
Override Default Web Security Rules
Security Settings for Web Security come from the WebSecurity Snippet by default, but you can override
those settings with your own custom settings or by using a standard profile. Default
Web Access policies come from the Web Security Snippet and can be overridden at any
scope.
