Difference between a UPE WSS portal and a standard WSS portal.

book

Article ID: 221354

calendar_today

Updated On:

Products

Web Security Service - WSS

Issue/Introduction

Difference between a UPE WSS portal and a standard WSS portal.

What exactly gets removed from the WSS portal after switching to UPE?

What are all the configurations\policies moving to the Management Center (MC) after switching to Universal Policy Enforcement (UPE)?

Environment

Web Security Service

Management Center

Resolution

The following configurations and policies are removed from a UPE WSS portal. All these configs and rules are managed from the Management center or Referenced ProxySG after the UPE switch.

Changes in Authentication: The Authentication bypass rules are moved to MC. The User\Group Sync using Auth Connector or Third Party SCIM is also removed from the UPE portal.

  • Identity > Authentication Policy > Global Exemptions.
  • Identity > Users and Groups

 

SSL Interception: The following configuration and rules are moved to MC. The only option left on a UPE portal is to download the TLS/SSL Certificate.

  • Policy > Secure Web Gateway > TLS/SSL Interception > The option to Enable\Disable Interception.
  • Policy > Secure Web Gateway > TLS/SSL Interception > TLS/SSL Interception Policy.
  • Policy > Secure Web Gateway > TLS/SSL Interception > OCSP Validation.

 

Web Access Policies: The following policy options are moved to MC and need to be configured from MC VPM.

  • Policy > Secure Web Gateway > Threat Protection Rules.
  • Policy > Secure Web Gateway > Content Filtering Rules.
  • Policy > Secure Web Gateway > Proxy Restriction Rules.
  • Policy > Secure Web Gateway > Search Restriction Rules.
  • Policy > Data Loss Prevention > Traffic Source.
  • Policy > Web Isolation.

 

Content & Malware Scanning:  The Scanning Exemptions and Error handling are managed from MC after UPE switch.

  • Policy > Content & Malware Analysis > Scanning Exemptions.
  • Policy > Content & Malware Analysis > Scanning Error Handling.

 

Block Exception pages: The WSS Response pages are configured and managed from MC and the referenced ProxySG.

  • Policy > Response Pages.

 

End-User Privacy: The Privacy setting configurations are moved to MC.

  • Account Configuration > Data Retention and Privacy > End User Privacy.