Security Policies

Outbound Only Configuration

Unknown URL Category Profile Group

This adds additional protections with a more aggressive file blocking posture when the URL category is unknown. It is referenced in the gold security rules.

Security Rules

These are outbound-specific rules levering the IronSkillet security profile groups.

  • Block to force usage of SSL to assist URL-filtering category discovery

  • Aggressive file blocking including PE file types when URL category = unknown

  • Outbound access for all applications using ‘application default’ port requirements

  • Non-defaul SSL ports: allows bypass of app defaults for SSL traffic; tracking for non-standard ports

  • Non-default web ports: allows bypass of app defaults for web traffic; tracking for non-standard ports

  • Non-default application ports: allows bypass of app defaults for all traffic; tracking for non-standard ports

Warning

The non-default ports effectively allow all outbound traffic on any port. These are provided due to the variance of ports used and for SMB deployments to avoid rampant support calls. The explicit rules provide for hit counts to track and monitor out-of-bounds and suspicious applications.