
ACL parameters

The ACL is an ordered list of rules that defines what happens when a CylanceGATEWAY user attempts to access a destination on the Internet or your private network. Each rule includes several parameters that specify the destinations, users, and other factors that the rule matches, and the action to take when the rule matches. If a network access attempt does not match any ACL rule, access is blocked.
When you add or edit ACL rules, the updates are added to a list of draft rules until you commit them. Each administrator has their own draft rule list. If an administrator commits a rule update, all other administrators with a draft rule list will be notified to delete or update their draft rule list before continuing.
Each rule can include the following parameters:

General information

  Name: A name for the rule.

  Description: A brief description of the purpose of the rule.

  Enabled: Specifies that the rule is part of the ACL. You can turn off this option to disable the rule without deleting it.

Action

  Action: Specifies whether to allow or block access when the attempt matches the rule. If access is allowed, the attempt may be evaluated again during the next phases of the attempt.

  Check addresses against network protection: If the rule Action allows access, specifies whether CylanceGATEWAY still blocks the connection if it detects a potential network threat. You should keep this option selected unless specified users need to connect to potentially malicious destinations.

  Blocked notification message: If the rule Action blocks access, specifies a notification message that is displayed on the device when an access attempt is blocked.

  Traffic Privacy: Specifies whether matching network access attempts are hidden from the Network Events screen (Gateway > Events). When this setting is enabled, matching access attempts are not displayed in the Network Events screen, and if your environment sends events to a SIEM solution or syslog server, events for connection attempts that match a rule with traffic privacy are not sent to the SIEM solution or syslog server either.

  Ignore ports: Specifies whether the destination port of the access attempt is evaluated or ignored as part of this rule.

Destinations

  Target: Targets can be defined by a network service, a set of addresses, a set of addresses with defined protocols and ports, or only defined protocols and ports. You can select one of the following options:
    • Not applicable: The rule does not include destinations. For example, the rule specifies only categories, or you may want to create a rule that allows all access attempts for specific users unless the connection is blocked by network protection.
    • Matches any: The rule applies if the destination matches any target specified in the rule.
    • Does not match: The rule applies if the destination does not match any target specified in the rule.

  Network services: You can select one or more network services.

  Address: Specifies the IP addresses, FQDNs, or wildcard domains for the destination address. IP addresses can be in IPv4 or IPv6 format and can be represented by a single IP, an IP range, or CIDR notation.

  Protocol: Specifies whether the rule matches connection attempts using TCP, UDP, or both. If you do not select an option, the default is both TCP and UDP on all ports.

  Port: Specifies the ports used for the destination. You can specify a single port or a range.

  Category: A category defines the type of content available on a site. CylanceGATEWAY makes a best effort, based on the available information, to determine the category of destination sites. You can select one of the following options:
    • Not applicable: The rule does not include categories.
    • Matches any: The rule applies if the destination matches any category specified in the rule. If you select this option, a list of categories that you can select from is displayed.
    • Does not match: The rule applies if the destination does not match any category specified in the rule. If you select this option, a list of categories that you can select from is displayed.

Conditions

  User or user groups: Specifies the users or user groups to include in the rule. When you begin typing a name, a list of matching user names and groups is displayed.
    • Not applicable: The rule applies to all users.
    • Matches any: The rule applies only to the users you add to the rule. If you select this option, a field to add user or group names is displayed.
    • Does not match: The rule applies only to users who are not listed in the rule. If you select this option, a field to add user or group names is displayed.
  You can add rows to specify any number of users and user groups.

  Risk: Specifies the acceptable risk level of the destination.
    • Not applicable: The risk level is not a condition for access.
    • Matches any: The destination must be within the range of acceptable risk levels to allow the connection. If you select this option, you can select the acceptable risk levels.
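The following Python model is an added illustration of the evaluation order described on this page, not CylanceGATEWAY code: rules are checked in order, the first enabled rule whose Target, Category and User conditions all hold decides, and an attempt that matches no rule is blocked. The dictionary field names, the sample rules, addresses, users and category names are all constructed for the example; network protection and the draft/commit workflow are not modelled.

```python
# Added model of this page's ACL semantics (not CylanceGATEWAY code): ordered rules, first match wins
import ipaddress
from fnmatch import fnmatch

def addr_matches(spec, dest):
    """spec: single IP, CIDR block, 'start-end' IP range, FQDN or wildcard domain."""
    try:
        ip = ipaddress.ip_address(dest)
    except ValueError:  # destination is a host name: compare names, wildcards allowed
        return fnmatch(dest.lower(), spec.lower())
    try:
        if "-" in spec:  # 'start-end' range, inclusive
            lo, hi = (ipaddress.ip_address(p.strip()) for p in spec.split("-"))
            return lo.version == ip.version and lo <= ip <= hi
        return ip in ipaddress.ip_network(spec, strict=False)
    except ValueError:  # spec is a host name; it cannot match a literal IP
        return False

def tri_state(mode, values, actual):  # 'na' Not applicable, 'any' Matches any, 'not' Does not match
    hit = bool(set(values) & set(actual))
    return True if mode == "na" else hit if mode == "any" else not hit

def target_hit(t, rule, a):  # one Target row: address, protocol (default TCP and UDP), port range
    if "address" in t and not addr_matches(t["address"], a["dest"]):
        return False
    if a["proto"] not in t.get("protocols", {"tcp", "udp"}):
        return False
    if rule.get("ignore_ports") or "ports" not in t:  # Ignore ports skips the port check
        return True
    return t["ports"][0] <= a["port"] <= t["ports"][1]

def evaluate(acl, a):
    """Return (action, rule name) of the first enabled rule that matches attempt a."""
    for r in acl:
        hits = [target_hit(t, r, a) for t in r.get("targets", [])]
        if r.get("enabled", True) and all([
            tri_state(r.get("target_mode", "na"), [True], hits),
            tri_state(r.get("cat_mode", "na"), r.get("categories", []), [a.get("category")]),
            tri_state(r.get("user_mode", "na"), r.get("users", []), a.get("principals", [])),
        ]):
            return r["action"], r["name"]
    return "block", None  # no rule matched: access is blocked

ACL = [  # constructed sample; names, addresses and categories are illustrative only
    {"name": "Block malware", "action": "block", "cat_mode": "any", "categories": ["Malware"]},
    {"name": "Finance to payroll", "action": "allow", "user_mode": "any", "users": ["Finance"],
     "target_mode": "any", "targets": [{"address": "10.20.0.0/24", "protocols": {"tcp"}, "ports": (443, 443)}]},
    {"name": "Corporate web", "action": "allow", "target_mode": "any", "ignore_ports": True,
     "targets": [{"address": "*.corp.example"}]},
]
```

Because the malware category rule sits first, a wildcard-domain allow rule later in the list never reaches a destination already categorised as malware; swapping the two rules would reverse that outcome, which is why rule order matters as much as rule content.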