Configure the access control list

Existing connections to a destination are evaluated every five minutes. On evaluation, the ACL rules are reapplied, and an established connection might be disconnected if required. This can occur if, for example, the users' risk level has changed, or the destination reputation has been updated since the connection was established.
Ensure that you have defined your private network according to your organization's needs. For instructions, see Define your private network.
  1. In the management console, on the menu bar, click Settings > Network.
  2. Click Access Control List.
  3. If you see a notification that a draft set of rules is in progress, click Draft Rules.
    If you do not have a draft set of rules in progress, any update you make creates a draft set of rules.
  4. Perform any of the following actions:
    • To search for a rule or drafted rule, click the Search icon and select one or more predefined scopes, a condition, and specify the criteria. Click the rule that you want to view the settings for. Click to reset the search. For more information on searching, see Searching ACL rules and Network Services.
    • To add a new rule to the end of the list, click Add Rule.
    • To add a new rule above or below an existing rule, click the Add rule icon in the row for the existing rule and select Add rule above or Add rule below.
    • To copy a rule and add it above or below an existing rule, click in the row for the existing rule and select Copy rule above or Copy rule below.
    • To edit an existing rule, click the name of the rule.
    • To disable a rule, click the Enabled icon in the row for the rule.
    • To enable a rule, click the Disabled icon in the row for the rule.
    • To delete a rule, click the Add rule icon in the row for the rule and select Delete rule.
    • To change the order of the rules, click and use the arrows to move rules up or down in the list.
    • To add a rule to allow traffic to a blocked malicious destination in the event that users require access (for example, users that perform threat research), click Add rule with the following settings. This rule must be ordered before other rules that allow access to a destination.
      • Action: Allow
      • Check access attempts against Network Protection check box: Clear the check box.
      • Target: Matches any. Add the destination address.
      • Users or groups: Matches any. Add the users or groups that require access to the destination.
  5. If you chose to add or edit a rule, specify the ACL rule parameters and click
  6. Click Commit rules to apply your changes to the ACL.
    You can also leave the page and return to the draft rules later. When you commit a draft ACL, all other administrators with a draft rule list are prompted to discard their out-of-date draft.
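
The following is an added example, not part of the original page or the product: a small Python audit for the exception rule described in step 4, flagging allow rules with the Network Protection check cleared that are too broad or ordered after a general allow rule. The `Rule` fields, the sample rules, and the assumption that rules are evaluated top-down with the first match deciding are hypothetical; the page states only that the exception must be ordered before other allow rules.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    # Hypothetical model of one ACL row; field names are assumptions for this example.
    name: str
    action: str                       # "allow" or "block"
    targets: frozenset = frozenset()  # empty set means any destination
    users: frozenset = frozenset()    # empty set means any user or group
    network_protection: bool = True   # False = check box cleared
    enabled: bool = True

def overlaps(a, b):
    """Two match sets overlap if either is 'any' (empty) or they share a member."""
    return not a or not b or bool(a & b)

def audit_exceptions(rules):
    """Return (rule name, finding) pairs for allow rules with the check cleared."""
    findings = []
    for i, r in enumerate(rules):
        if not (r.enabled and r.action == "allow" and not r.network_protection):
            continue
        if not r.targets:
            findings.append((r.name, "not limited to specific destinations"))
        if not r.users:
            findings.append((r.name, "not limited to specific users or groups"))
        # An earlier allow rule that still applies the check would match first
        # (assumed first-match order), so the exception would never take effect.
        for earlier in rules[:i]:
            if (earlier.enabled and earlier.action == "allow"
                    and earlier.network_protection
                    and overlaps(earlier.targets, r.targets)
                    and overlaps(earlier.users, r.users)):
                findings.append((r.name, f"ordered after allow rule '{earlier.name}'"))
    return findings

# Constructed sample rules (address taken from the 203.0.113.0/24 documentation range).
RESEARCH = Rule("research-exception", "allow", frozenset({"203.0.113.10"}),
                frozenset({"threat-research"}), network_protection=False)
GENERAL = Rule("allow-internet", "allow")
BROAD = Rule("broad-exception", "allow", users=frozenset({"threat-research"}),
             network_protection=False)

GOOD_ORDER = [RESEARCH, GENERAL]
BAD_ORDER = [GENERAL, RESEARCH, BROAD]

if __name__ == "__main__":
    for name, finding in audit_exceptions(BAD_ORDER):
        print(f"{name}: {finding}")
```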