Configuring ACLs for Web Content Classification

The WebCC feature in Branch Gateways allows your network administrators to analyze the website usage by clients. Branch Gateways classify the usage pattern based on web categories and website reputation scores; it allows your network administrators to take appropriate measures to prevent malicious malware, spyware, or adware by blocking dangerous websites.

To configure an ACL Access Control List. ACL is a common way of restricting certain types of traffic on a physical port. rule for website content classification, complete the following steps:

1. To configure a Branch Gateway group or a Branch Gateway, complete either one of these steps:

• To select a gateway group:

  1. In the Classic Central app, set the filter to a group that contains at least one Branch Gateway.

     The dashboard context for a group is displayed.
     

  2. Under Manage, click Devices > Gateways.

     A list of gateways is displayed in the List view.

  3. Click Config.

     The configuration page is displayed for the selected group.

• To select a gateway:

  1. In the Classic Central app, set the filter to Global or a group that contains at least one Branch Gateway.

  2. Under Manage, click Devices > Gateways.

     A list of gateways is displayed in the List view.
     

  3. Click a gateway under Device Name.

     The dashboard context for the gateway is displayed.

  4. Under Manage, click Device.

     The gateway device configuration page is displayed.

2. If you are in the Basic Mode, click Advanced Mode to access the advanced configuration.
3. Click Security > Policies.
4. Click the icon in the Policies table to create a new policy.

The Add policy pop-up window is displayed.

5. Select a policy type from the Policy type drop-down list.
6. Enter the policy name in the Policy name field.
7. Click Save.
8. From the list of policies, select the policy you just created.

The Policy > <policy name> Rules table is displayed.

9. Click the icon in the Policy > <policy name> Rules table.

The <policy name> > New forwarding Rule table is displayed.

10. In the<policy name> > New forwarding Rule section, perform the following steps:

• Select Web Category/Reputation from the Service/app drop-down list and configure the following:

  1. Select a Web category from the drop-down list.
  2. From the Web reputation drop-down list, select one of the following reputation scores based on your requirement:
  • high-risk—These are high risk sites. There is a high probability that the user will be exposed to malicious links or payloads.
  • low-risk—These are benign sites and may not expose the user to security risks. There is a low probability that the user will be exposed to malicious links or payloads.
  • moderate-risk—These are generally benign sites, but may pose a security risk. There is some probability that the user will be exposed to malicious links or payloads.
  • suspicious—These are suspicious sites. There is a higher than average probability that the user will be exposed to malicious links or payloads.
  • trustworthy—These are well known sites with strong security practices and may not expose the user to security risks. There is a very low probability that the user will be exposed to malicious links or payloads.
  3. From the Action drop-down list, select Deny to not allow user to access this web category; else, select Permit to allow user to access the web category.
  4. For DSCP, enter a value.
  5. From the Time range drop-down list, select a suitable time range during which you want the policy to be active or valid. Alternatively, you can also create a new time range by clicking the icon.
  6. From the 802.1p priority drop-down list, select a priority from 1-7.
  7. For Options, select Log, Mirror, and Denylist, or any other option that is applicable.

11. Click Save Settings.

The following animation shows you how to configure ACLs for Web Content Classification.