Managing Internet Threat Protection (ITP) Policies

Creating, editing, and prioritizing ITP policies in SonicWall Cloud Secure Edge (CSE)

  • Updated on May 31, 2024

ITP Policy Overview

Internet Threat Protection (ITP) policies are designed to protect users and devices from untrusted internet resources. Admins can create and manage ITP policies in the Command Center. Admins assign ITP policies to users and devices via Roles, similar to other protected services in the Cloud Secure Edge (CSE).

In CSE, an admin decides which internet resources or categories of resources they need to block or allow. These resources are added to an ITP policy, and the ITP policy is then associated with a device or a group of devices.

Create an ITP Policy

Step 1: Create an ITP Policy

1.1 Navigate from Internet Access > Internet Threat Protection.

1.2 Select + Create Policy.

Step 2: Select Threats to block

2.1 Toggle on the threats you wish to block your end users from accessing.

2.2 Select Next.

Step 3: Configure Content Filtering, Domain Blocking, and Domain Exceptions

3.1 Select which categories of content you want to block your end users from accessing by toggling on Category Filtering, selecting + Select categories to filter, and selecting categories from the dropdown menu. To remove an added category, select the x beside the category name.

3.2 Select which domains you want to block your end users from accessing by toggling on Domain Filtering, and then entering the domain name. To block more than one domain, select the + beside the domain name field.

3.3 Select which domains you want to configure as exceptions to your ITP policy by toggling on Domain Exceptions, and then entering the domain name. To except more than one domain, select the + beside the domain name field.

3.4 Select Next.

Step 4: Configure App Filtering and App Exceptions

4.1 Select which apps you want to block your end users from accessing by toggling on Application Filtering, selecting + Select Apps, and selecting or entering the specific apps you want blocked.

4.2 Select which apps you want to except from this ITP policy by toggling on Application Exceptions, selecting + Select Apps, and selecting or entering the specific apps you want to except from the policy.

Step 5: Assign the ITP policy to devices in your org

5.1 Name your ITP policy and add an optional description.

5.2 Select one or more roles to assign your ITP policy to.

5.3 Enter custom messaging for your ITP block page.

Edit or Delete an ITP Policy

In the Command Center, navigate from Internet Access > Internet Threat Protection. From your list of ITP policies, select the Name of one you want to edit or delete.

Edit

1. To edit, select the pencil icon in the top right corner of the ITP policy page.

2. Adjust your toggles under Threat Protection, Content Filtering, or Assignment.

3. Select Save.

Delete

1. To delete your ITP policy, select the trash icon in the top right corner of the ITP policy page.

2. A confirmation modal asks whether you want to delete your policy. Select Delete.

Prioritizing ITP Policies

Devices are not required to have an ITP policy associated with them; however, each device can only have one policy active at a time. ITP policies can be prioritized: higher-priority policies take precedence when two or more policies apply to one device (for example, a device with multiple Roles and separate ITP policies applicable to each Role).

Exclude Users from ITP Policies

The exclude ITP policy (i.e., Excluded Devices) is always the highest priority and cannot be re-prioritized or deleted. The exclude policy will by default include a role called Mobile Devices that cannot be removed.

1. In the Command Center, navigate from Internet Access > Internet Threat Protection.

2. In your list of ITP policies, select the default Excluded Devices policy, and attach whichever Roles you want to be excluded from all ITP policies.

3. Select Save.

How to prioritize ITP policies

1. In the Command Center, navigate from Internet Access > Internet Threat Protection.

2. Select the Reorder button in the top right corner of the page (i.e., the button with an up and down arrow).

3. Drag your ITP policies into your preferred order of priority, where 1 is the highest priority.

4. Select Save.
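The precedence rules in this section can be modelled offline to check which policy a device will actually receive before reordering. The following is an added example, not SonicWall code: the policy names, roles, and devices are constructed, and giving the exclude policy a priority of 0 is a modelling assumption standing in for "always the highest priority".

```python
from dataclasses import dataclass, field

EXCLUDED = "Excluded Devices"   # default exclude policy named on this page

@dataclass
class Policy:
    name: str
    priority: int               # 1 is the highest priority, as in the Reorder view
    roles: set = field(default_factory=set)

# Constructed sample data: names are hypothetical, except "Excluded Devices"
# and its built-in "Mobile Devices" role. Priority 0 models "always highest".
POLICIES = [
    Policy(EXCLUDED, 0, {"Mobile Devices", "Lab"}),
    Policy("Engineering-Default", 1, {"Engineering"}),
    Policy("Contractor-Strict", 2, {"Contractors"}),
]
DEVICES = {
    "laptop-1": {"Engineering", "Contractors"},
    "laptop-2": {"Contractors"},
    "phone-1": {"Mobile Devices", "Contractors"},
    "kiosk-1": {"Guests"},
}

def resolve(device_roles, policies):
    """Model which single policy is active for a device with these roles."""
    matching = sorted((p for p in policies if p.roles & set(device_roles)),
                      key=lambda p: p.priority)
    others = [p.name for p in matching if p.name != EXCLUDED]
    if len(others) < len(matching):          # the exclude policy always wins
        return {"active": None, "excluded": True, "shadowed": others}
    return {"active": others[0] if others else None,
            "excluded": False, "shadowed": others[1:]}

def audit(devices, policies):
    """List devices where an assigned policy never takes effect, or none applies."""
    report = {}
    for name, roles in sorted(devices.items()):
        result = resolve(roles, policies)
        if result["shadowed"] or result["active"] is None:
            report[name] = result
    return report

if __name__ == "__main__":
    for device, result in audit(DEVICES, POLICIES).items():
        print(device, result)
```

A device listed with a non-empty `shadowed` entry has a policy assigned through one of its Roles that never becomes active, which is the case to review when a stricter policy sits below a more permissive one.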

ITP policy sync status

When ITP policy assignments are edited or policies are re-prioritized, the console does not typically reflect these changes immediately. Updates are only reflected in the console when CSE completes the next sync, and syncs tend to take longer in larger environments with many devices.

CSE’s sync status indicates whether the ITP policies page in the console is up-to-date or a sync is in progress. If a sync is in progress, an ETA is also shown, so that admins know when to expect ITP policy updates to be reflected in the console.

If the ITP policy sync status fails to complete, contact SonicWall CSE support.

Lookup Domain

Lookup Domain allows admins to view which category a given domain falls under. This feature also indicates whether a domain falls under a threat category. Lookup Domain is available as a feature for those who have enabled Internet Threat Protection in CSE.

To use Lookup Domain, navigate to an Internet Threat Protection (ITP) policy in the Command Center.

Disabling ITP

If an ITP policy is disabled by an end user in their device’s app, it will automatically be re-enabled after 1 hour. CSE generates logs detailing when the ITP policy was disabled and when it was re-enabled. These logs can be found under Events in the Command Center.
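The disable and re-enable events described above can be reviewed for devices that stay unprotected longer than the stated hour or that disable ITP repeatedly. The following is an added example, not SonicWall code: the record layout, the `itp_disabled` and `itp_enabled` action names, the 5-minute tolerance, and the sample records are all assumptions, since this page does not show the format of CSE's Events.

```python
from datetime import datetime, timedelta

REENABLE_AFTER = timedelta(hours=1)   # auto re-enable interval stated on this page
SLACK = timedelta(minutes=5)          # assumed tolerance for logging delay

# Constructed sample records: (ISO timestamp, device, action). Layout is hypothetical.
EVENTS = [
    ("2024-05-31T09:00:00", "laptop-1", "itp_disabled"),
    ("2024-05-31T10:00:05", "laptop-1", "itp_enabled"),
    ("2024-05-31T10:01:00", "laptop-1", "itp_disabled"),
    ("2024-05-31T11:01:02", "laptop-1", "itp_enabled"),
    ("2024-05-31T11:02:00", "laptop-1", "itp_disabled"),
    ("2024-05-31T12:02:01", "laptop-1", "itp_enabled"),
    ("2024-05-31T09:30:00", "laptop-2", "itp_disabled"),
    ("2024-05-31T13:00:00", "laptop-2", "itp_enabled"),
]

def review(events, now, max_disables=3, window=timedelta(hours=24)):
    """Return findings: overdue re-enables and devices that disable ITP repeatedly."""
    findings = []
    open_since, disables = {}, {}
    for ts, device, action in sorted(events):       # ISO strings sort by time
        t = datetime.fromisoformat(ts)
        if action == "itp_disabled":
            open_since[device] = t
            disables.setdefault(device, []).append(t)
        elif action == "itp_enabled" and device in open_since:
            gap = t - open_since.pop(device)
            if gap > REENABLE_AFTER + SLACK:
                findings.append((device, "late_reenable", gap))
    # Disables with no matching re-enable event at review time.
    for device, t in open_since.items():
        if now - t > REENABLE_AFTER + SLACK:
            findings.append((device, "never_reenabled", now - t))
    # Devices whose users turn protection off again and again.
    for device, times in disables.items():
        recent = [t for t in times if now - t <= window]
        if len(recent) >= max_disables:
            findings.append((device, "repeated_disable", len(recent)))
    return findings

if __name__ == "__main__":
    for finding in review(EVENTS, datetime(2024, 5, 31, 14, 0, 0)):
        print(finding)
```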