Configure the access control list

Gateway evaluates existing connections to a destination every five minutes. On each evaluation, Gateway reapplies the ACL rules and might disconnect an established connection if required. This can occur if, for example, the user's risk level has changed or the destination reputation has been updated since the connection was established.

Ensure that you have defined your private network according to your organization's needs. For instructions, see Define your private network.
  1. In the management console, on the menu bar, click Settings > Network.
  2. Click the Access Control List tab.
  3. If you see a notification that a draft set of rules is in progress, click the Draft Rules tab.
    If you do not have a draft set of rules in progress, any update you make creates a draft set of rules.
  4. Perform any of the following actions:

    Task: Search for a rule or drafted rule.
    Steps:
    1. Click the Search icon, select one or more predefined scopes and a condition, and specify the criteria.
    2. Click the rule that you want to view the settings for.
    3. Click to reset the search.
    For more information on searching, see Searching ACL rules and Network Services.

    Task: Add a new rule to the end of the list.
    Steps: Click Add Rule.

    Task: Add a new rule above or below an existing rule.
    Steps: Click the Add rule icon in the row for the existing rule and select Add rule above or Add rule below.

    Task: Copy a rule and add it above or below an existing rule.
    Steps: Click in the row for the existing rule and select Copy rule above or Copy rule below.

    Task: Edit an existing rule.
    Steps: Click the name of the rule.

    Task: Disable a rule.
    Steps: Click the Enabled icon in the row for the rule.

    Task: Enable a rule.
    Steps: Click the Disabled icon in the row for the rule.

    Task: Delete a rule.
    Steps: Click the Add rule icon in the row for the rule and select Delete rule.

    Task: Change the order of the rules.
    Steps: Click Order and use the arrows to move rules up or down in the list.

    Task: Add a rule to allow traffic to a blocked malicious destination when users require access (for example, users who perform threat research).
    Steps: Click Add rule with the following settings. This rule must be ordered before other rules that allow access to a destination.
    • Action: Allow
    • Check access attempts against Network Protection check box: Clear the check box.
    • Target: Matches any. Add the destination address.
    • Users or groups: Matches any. Add the users or groups that require access to the destination.
  5. If you chose to add or edit a rule, specify the ACL rule parameters and click Save.
  6. Click Commit rules to apply your changes to the ACL.
    You can also leave the page and return to the draft rules later. When you commit a draft ACL, all other administrators with a draft rule list are prompted to discard their out-of-date draft.
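
The following sketch is an added example, not BlackBerry code or a product API. It models why the threat-research exception must be ordered before other allow rules, and how the periodic re-evaluation can disconnect an established connection. It assumes top-down, first-match evaluation and a default block when no rule matches; the rule names, groups, and addresses are constructed for illustration.

```python
# Added illustration: a toy model of ordered ACL evaluation, not Gateway code.
# Assumptions: first matching rule decides; no match means block.
from dataclasses import dataclass

@dataclass
class Rule:
    name: str
    action: str                 # "allow" or "block"
    targets: set                # destination addresses; empty set matches any
    groups: set                 # user groups; empty set matches any
    check_network_protection: bool = True
    enabled: bool = True

def evaluate(rules, group, dest, malicious):
    """Return (decision, rule_name) for one access attempt.

    malicious: destinations that the reputation data currently flags.
    """
    for r in rules:
        if not r.enabled:
            continue
        if r.targets and dest not in r.targets:
            continue
        if r.groups and group not in r.groups:
            continue
        # An allow rule with the Network Protection check still blocks
        # a destination that is flagged as malicious.
        if r.action == "allow" and r.check_network_protection and dest in malicious:
            return ("block", r.name)
        return (r.action, r.name)
    return ("block", "default")

def reevaluate(connections, rules, malicious):
    """Periodic pass over (group, dest) connections; returns those to disconnect."""
    return [c for c in connections
            if evaluate(rules, c[0], c[1], malicious)[0] == "block"]

SAMPLE = "203.0.113.10"  # constructed address from a documentation range
research = Rule("threat-research", "allow", {SAMPLE}, {"researchers"},
                check_network_protection=False)
general = Rule("allow-internet", "allow", set(), set())

if __name__ == "__main__":
    flagged = {SAMPLE}
    # Compare the correct order with the reversed order.
    for order in ([research, general], [general, research]):
        print([r.name for r in order],
              evaluate(order, "researchers", SAMPLE, flagged),
              evaluate(order, "sales", SAMPLE, flagged))
```

With the exception rule listed first, only the researchers group reaches the flagged destination; with the order reversed, the general allow rule matches first and its Network Protection check blocks everyone, including the researchers.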