00:00:02 in this video we will look at setting up internet protection tools for this WG so the swg is a secure web Gateway which is a WhatsApp Hosted service on the cloud and this service basically protects your users traffic when accessing the internet the user can connect with the Gateway using the SASE client installed on the on their device or it can be a you know a user behind a branch office then the branch office can be connected to the Gateway either using a secure Versa a secure Versa Branch or 00:00:32 it can be a non-versa branch which has a side to side ipsec tunnel to the Gateway so the internet protection rule have two components one is the match condition and one is enforcement actions and these are the the match conditions enforcement actions that we can configure for the rule so for this uh for this video where we want to demonstrate how easy it is to create uh an internet protection rule we'll have to use cases about it that we want to configure the first one is to restrict all users from having access to 00:01:01 social media applications except for users from the Marketing Group and the second is to inspect all web traffic and if the user is accessing a website that is considered as high risk then you block it if it is if they're accessing a website that is moderate risk or suspicious then we have an Ask page that will prompt the user to uh to you know proceed with the connection or to you know deny the connection and we will also scan the traffic for any malicious files or exploits using the worst antivirus module and the IPS module and 00:01:29 these are created as profiles so we go into the configuration option so we'll go into configuration here this is the portal concerto portal and under the configure we go to real-time protection and internet protection we click on ADD so what you see here you know from number one to five these are the match conditions that we have for the rule six is enforcement action and seven is to just save the profile rule so we'll first create the uh the match condition for the social media application so here 00:02:00 select social network text under users and groups we are going to select the group as marketing click on next and we are not going to configure any EIP profile or any geo location or we don't want to match on on any Source or destination zone so we're just going to go to enforcement action and we're just going to set the action to allow click on next and here we say allow social media for marketing so we create this group and we save this and we we put this rule as the first rule in our list of rules so this rule 00:02:40 is evaluated first and then we create another rule which matches the same category which is social network and here we are not going to create any uh any other match condition we'll just go into the profiles for the enforcement and under URL filtering we are going to apply the block all urls we're going to block all urls uh you know for for users that are accessing social media and they're not part of the Marketing Group so you can see that under the profiles you have multiple profiles that you can select uh 00:03:14 you know the manual profile protection profile IPS profile file filtering DNS IP filtering profile and URL filtering so under URL filtering you have selected a predefined profile which is the block all urls so once this is done we click on next and then we say block social media and we click on Save and we'll put this rule after our second first rule so here we're going to add this rule here and now this is it so now we create our third rule before we create a third rule for protecting all web traffic from all 00:03:49 users we create the URL filtering profile so we need a we need a custom one here so if you go into configure secure configure internet protection profile and unintel production you see profiles and here you can create your custom profiles you have URL filtering DNS IP IPS malware protection file filtering profile custom profiles that you can create so we create a URL filtering profile here we click on next we go to reputation list and here we select high risk we want to block this and then we select moderate risk or 00:04:22 suspicious and then we say ask next allow and is a cloud lookup state so Cloud lookup State basically ensures that we do a real-time lookup to get the category or reputation for the traffic and we will say your protect traffic and will enable logging we'll save this profile so protect web traffic is what we created now we're going to internet protection rules and then we create our new rule here so here we are not going to match any match condition because we want to match all traffic we go to security 00:04:55 enforcement actions we collect profiles so first we'll select our URL filtering profile we just created so the protect web traffic is what you created will enable the the malware protection profile which is the antivirus module that one we need to enable for this traffic and the IPS module so under IPS module there are several predefined modules and we'll take the Versa Easy uh you know profile or module here right so they have a set of signatures that they will match and there's also the other uh profile 00:05:27 but you're not selecting them here for this user but you for this rule but you could also do them if you if you if you would like if you click on next and here we'll say protect all users the rule is enabled we save this and we say we want to put this role in the last okay so now this is done once these three rules are done so you can see how easy it is to create rules once you've created the rules you can also uh you know reorder them for example if you wanted to change the order you can always click on reorder and do that but 00:05:56 now we'll just publish these rules so that the config gets applied to the gateways and I've got you know uh this rule tested before so you can see here you know where where you would see the logs on under the for the uh for the for the traffic that hits the the antivirus module you know any viruses that get blocked you'll see them here under threat detection and Antivirus and any block because of the IPS action you will see them under the IDP section uh you'll see your logs here and the thread filtering basically has 00:06:26 your url filtering logs so uh you know any any access for example to to Facebook here for example gets blocked because if it's coming from a user that's not marketing or any other website for example this one is a suspicious website so this one as you can see is suspicious and this one gets blocked as well so you'll see them in the in the analytics so uh we can look at our configuration so the configuration is almost committed so to the first gateway Ohio and the second one in Paris so once this is done what we'll do is we'll also 00:06:55 look at how the capital portal page looks so we'll open up facebook.com because I'm connected so you can see uh because I'm connecting to through a user I'm connecting on connected on the client and I'm I'm a user basically not from the Marketing Group so because I'm accessing Facebook uh which is blocked by the policy uh you can see that this policy is blocked so this is how you configure the the uh in concerto for the real-time protection you're going to configure real-time protection and an internet protection uh 00:07:24 you can select multiple match actions very easily you can select enforcement actions and you can create predefined enforcement actions profiles or you can have custom defined profiles and then you can have the enforcement action from there so with this uh you know we have demonstrated how easy it is to create an internet protection rule thank you very much for watching