Managing Internet Threat Protection (ITP) Policies

Creating, editing, and prioritizing ITP policies in Banyan

  • Updated on Jul 11, 2023

This article describes features that are only available in the Banyan Unlimited edition.

ITP Policy Overview

Internet Threat Protection (ITP) policies are designed to protect users and devices from untrusted internet resources. Admins can create and manage ITP policies in Banyan’s Command Center. Admins assign ITP policies to users and devices via Roles, similar to other protected services in Banyan.

In Banyan, an admin decides which internet resources or categories of resources they need to block or allow. These resources are added to a Banyan ITP policy, and the ITP policy is then associated with a device or a group of devices.

Create an ITP Policy

Step 1: Create an ITP Policy

1.1 In the Command Center, navigate to Secure Access > ITP Policies.

1.2 Select + Create Policy.

Step 2: Select Threats to block

2.1 Toggle on the threats you wish to block your end users from accessing.

2.2 Select Next.

Step 3: Configure Content Filtering, Domain Blocking, and Domain Exceptions

3.1 Select which categories of content you want to block your end users from accessing by toggling on Category Filtering, selecting + Select categories to filter, and selecting categories from the dropdown menu. To remove an added category, select the x beside the category name.

3.2 Select which domains you want to block your end users from accessing by toggling on Domain Filtering, and then entering the domain name. To block more than one domain, select the + beside the domain name field.

3.3 Select which domains you want to configure as exceptions to your ITP policy by toggling on Domain Exceptions, and then entering the domain name. To add more than one exception, select the + beside the domain name field.

3.4 Select Next.

Step 4: Assign the ITP policy to devices in your org

4.1 Name your ITP policy and add an optional description.

4.2 Select one or more roles to assign your ITP policy to.

4.3 Enter custom messaging for your ITP block page.

Edit or Delete an ITP Policy

In the Command Center, navigate to Secure Access > ITP Policies. From your list of ITP policies, select the Name of the policy you want to edit or delete.

Edit

1. To edit, select the pencil icon in the top right corner of the ITP policy page.

2. Adjust your toggles under Threat Protection, Content Filtering, or Assignment.

3. Select Save.

Delete

1. To delete your ITP policy, select the trash icon in the top right corner of the ITP policy page.

2. A confirmation modal appears, asking whether you want to delete your policy. Select Delete.

Prioritizing ITP Policies

Devices are not required to have an ITP policy associated with them; however, each device can only have one policy active at a time. ITP policies can be prioritized: higher priority policies will take precedence when two or more policies apply to one device (i.e., a device with multiple Roles and separate ITP policies applicable to each Role).

Exclude Users from ITP Policies

The exclude ITP policy (i.e., Excluded Devices) is always the highest priority and cannot be re-prioritized or deleted. The exclude policy will by default include a role called Mobile Devices that cannot be removed.

1. In the Command Center, navigate to Secure Access > ITP Policies.

2. In your list of ITP policies, select the default Excluded Devices policy, and attach whichever Roles you want to be excluded from all ITP policies.

3. Select Save.

How to prioritize ITP policies

1. In the Command Center, navigate to Secure Access > ITP Policies.

2. Select the Reorder button in the top right corner of the page (i.e., the button with an up and down arrow).

3. Drag your ITP policies into your preferred order of priority, where 1 is the highest priority.

4. Select Save.
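The precedence rules above (one active policy per device, 1 as the highest priority, Excluded Devices always first) can be checked offline before reordering. The following is an added example, not Banyan code or a Banyan API: it models those rules to show which policy each device ends up with and which assigned policies are shadowed. It assumes a policy applies when the device holds any of its Roles, and all role, policy and device names except Excluded Devices and Mobile Devices are constructed.

```python
from dataclasses import dataclass, field

EXCLUDED = "Excluded Devices"  # built-in exclude policy named on this page

@dataclass
class ItpPolicy:
    name: str
    priority: int  # 1 is the highest priority, as in the Reorder view
    roles: set = field(default_factory=set)

def effective_policy(device_roles, policies):
    """Return the single policy active for a device, or None if none applies."""
    # The exclude policy outranks everything, whatever its priority number.
    ordered = sorted(policies, key=lambda p: (p.name != EXCLUDED, p.priority))
    for policy in ordered:
        # Assumption: a policy applies if the device holds any of its Roles.
        if policy.roles & set(device_roles):
            return policy
    return None

def audit(devices, policies):
    """Map each device to its active policy and the policies it shadows."""
    report = {}
    for device, roles in devices.items():
        active = effective_policy(roles, policies)
        matching = [p.name for p in policies if p.roles & set(roles)]
        report[device] = {
            "active": active.name if active else None,
            # Excluded or unassigned devices get no ITP filtering at all.
            "protected": active is not None and active.name != EXCLUDED,
            "shadowed": sorted(n for n in matching if n != active.name),
        }
    return report

# Constructed sample data: hypothetical roles, policies and devices.
POLICIES = [
    ItpPolicy(EXCLUDED, 0, {"Mobile Devices", "Kiosk"}),
    ItpPolicy("Strict-Finance", 1, {"Finance"}),
    ItpPolicy("Baseline", 2, {"All Employees"}),
]
DEVICES = {
    "laptop-01": ["All Employees", "Finance"],
    "laptop-02": ["All Employees"],
    "kiosk-07": ["All Employees", "Kiosk"],
    "lab-03": ["Contractors"],
}

if __name__ == "__main__":
    for device, row in audit(DEVICES, POLICIES).items():
        print(device, row)
```

Rows with `protected` set to False are the ones to review: they are either covered by the exclude policy or hold no Role with an ITP policy attached.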

ITP policy sync status

When ITP policy assignments are edited or policies are re-prioritized, Banyan’s console typically does not reflect these changes immediately. Updates appear in the console only when Banyan completes the next sync, and syncs tend to take longer in larger environments with many devices.

Banyan’s sync status indicates whether the ITP policies page in the console is up-to-date or whether a sync is in progress. If a sync is in progress, an ETA is also shown, so that admins know when to expect ITP policy updates to be reflected in the console.

If the ITP policy sync fails to complete, contact Banyan support.

Lookup Domain

Lookup Domain allows admins to view which category a given domain falls under. This feature also indicates whether a domain falls under a threat category. Lookup Domain is available as a feature for those who have enabled Internet Threat Protection in Banyan.

To use Lookup Domain, navigate to an Internet Threat Protection (ITP) policy in the Command Center.

