Manual Chapter : Configuring APM for Application Filtering
Applies To:Show Versions
- 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0
Configuring APM for
Access Policy Manager (APM) supports a predefined set of application families and applications. An
application familyname characterizes the type of applications associated with it. Users cannot add applications or application families to APM.
application filterspecifies the applications (and application families) that Access Policy Manager (APM) supports and a filtering action (allow or block) for each application. An application filter can be used in a per-request policy in a supported APM configuration to control access to supported applications.
APM provides predefined application filters: block-all, allow-all, and default. The default application filter allows access to some application families and blocks access to others. Users can define their own application filters and use those that APM provides.
Overview: Configuring filters for application access
Access Policy Manager (APM) provides a few default application filters and you can configure additional filters. Application filtering is effected in a per-request policy.
Specifying the default filter action for an application
You can change the default filter action (block or allow) for any application. When you create a new application filter, the applications in it specify the default filter action.
A change to the default filter action for an application has no effect on existing application filters.
- On the Main tab, click.The Applications screen displays.
- To view applications, expand an application family.
- To modify the default filter action for an application:
- Click the application name.An Application Properties screen displays.
- From theDefault Filter Actionlist, retain the displayed setting or select another.The options areBlockandAllow.
- ClickUpdate.The Applications screen displays.
The default filtering action for the application is updated and is used when a new application filter is created.
Configure an application filter to specify how to process requests for access to applications or application families. You can configure multiple application filters.
- On the Main tab, click.Click the name of any filter to view its settings.Default application filters, such as block-all, allow-all and default, are available. You cannot delete default application filters.The Application Filters screen displays.
- To configure a new application filter, click one of these:
Another screen opens.
- Createbutton - Click to start with an application filter with the default filter action specified for each application.
- Copylink - Click this link for an existing application filter in the table to start with its settings.
- In theNamefield, type a unique name for the application filter.
- In theDescriptionfield, type any descriptive text.
- ClickFinished.The properties screen displays with an Associated Applications table.
- To block access to particular applications or entire application families, select them and clickBlock.When you select an application family, you also select the related applications. You can expand the application family and clear any applications that are selected.To block any applications that Secure Web Gateway cannot categorize, select the application familyUnknown.
- To allow access to particular applications or entire application families, select them and clickAllow.
To use an application filter, you must assign it in a per-request policy. A per-request policy runs each time a request is made.