Proxy Restrictions in UPE

Article ID: 381007


Products

Cloud Secure Web Gateway - Cloud SWG

Issue/Introduction

You would like to enable the 'Proxy Restrictions' rules that you see in the Cloud SWG portal in a UPE-managed environment.

In the Cloud SWG portal, select Policy > Proxy Restrictions.

This policy is not available by default in UPE.

Environment

UPE

Resolution

You can do this in UPE by creating a new CPL layer.

Below are two rules.

The first rule [Rule SYMC_Protocols_Standard_ports_only] is the equivalent of "Restrict traffic to web protocols only", and the second rule [Rule SYMC_Protocols_Web_non_standard_port] is for "Restrict web traffic to standard ports".

<Proxy SYMC_Protocols_Web_only>
  [Rule SYMC_Protocols_Standard_ports_only]
    url.scheme=http url.port=80 
    url.scheme=(https, ssl, tcp) url.port=443 
    url.scheme=ftp url.port=21 
    FORCE_DENY("Only web traffic on standard ports is permitted.") 
    
  [Rule SYMC_Protocols_Web_non_standard_port]
    url.scheme=(http, https, ssl, ftp) 
    url.scheme=tcp tunneled=no 
    FORCE_DENY("Only web traffic is permitted.") 

For the above to apply to any traffic, protocol detection needs to be allowed (not bypassed) for the specific endpoints; otherwise the proxy cannot determine the protocol.
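
Before enabling the layer, it helps to estimate what it would block. The following is an added example, not Broadcom code and not part of the original article: a Python dry run that models each rule section on its own (listed conditions pass, everything else is denied) and tallies the denials over constructed sample records. The record fields (host, scheme, port, tunneled) and the function names are assumptions for illustration, not a Cloud SWG log format.

```python
from collections import Counter

# Allowed (scheme, port) pairs from [Rule SYMC_Protocols_Standard_ports_only].
STANDARD_PORTS = {
    ("http", 80), ("https", 443), ("ssl", 443), ("tcp", 443), ("ftp", 21),
}
# Schemes passed by [Rule SYMC_Protocols_Web_non_standard_port].
WEB_SCHEMES = {"http", "https", "ssl", "ftp"}


def standard_ports_only(rec):
    """Model of the first rule: pass listed scheme/port pairs, deny the rest."""
    if (rec["scheme"], rec["port"]) in STANDARD_PORTS:
        return None
    return "Only web traffic on standard ports is permitted."


def web_only(rec):
    """Model of the second rule: pass web schemes and non-tunneled tcp."""
    if rec["scheme"] in WEB_SCHEMES:
        return None
    if rec["scheme"] == "tcp" and not rec["tunneled"]:
        return None
    return "Only web traffic is permitted."


def dry_run(records):
    """Return per-rule deny counts and the denied destinations for review."""
    counts, denied = Counter(), []
    for rec in records:
        for name, rule in (("standard_ports_only", standard_ports_only),
                           ("web_only", web_only)):
            if rule(rec) is not None:
                counts[name] += 1
                denied.append((name, rec["host"], rec["scheme"], rec["port"]))
    return counts, denied


# Constructed sample records (hypothetical field names, not real log data).
SAMPLE = [
    {"host": "www.example.com", "scheme": "https", "port": 443, "tunneled": False},
    {"host": "app.example.net", "scheme": "http", "port": 8080, "tunneled": False},
    {"host": "vpn.example.org", "scheme": "tcp", "port": 443, "tunneled": True},
    {"host": "files.example.com", "scheme": "ftp", "port": 2121, "tunneled": False},
    {"host": "db.example.net", "scheme": "tcp", "port": 5432, "tunneled": True},
]

if __name__ == "__main__":
    counts, denied = dry_run(SAMPLE)
    print(dict(counts), *denied, sep="\n")
```

Destinations that show up in the denied list are candidates for review or an explicit exception before the layer is installed.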