4 Replies Latest reply on May 10, 2011 7:31 AM by brsh24

    Need some help with Web Protection rule

      I'm trying to accomplish the following mission:


      1. Block users (w/o Justification) from posting sensitive data on any web server outside of our network (Facebook, for example)

      2. Monitor users when they post sensitive data on internal web servers (HR and Financial systems).


      So I created two web destinations - "External Sites" and "Intranet Sites", and I added my internal web servers to the "Intranet Sites" destination (names have been excluded from the screenshot).

      pic for question 2.jpg

      The problem is: how do I create a web destination object that represents the entire Internet AND excludes my Intranet servers? I can configure the rule to monitor a web destination object or all web servers, which means I am able to configure a monitor rule for "Intranet Sites" but...

      pic for question 3.jpg


      ...if I configure the "External Sites" destination object to use the Any Web Destination check box, then it's going to include my Intranet sites by default, which, if I understand the HDLP rules correctly (I'm relatively new to HDLP), means my Intranet sites will get monitored and blocked because the destination belongs to two different rules.

      pic for question.jpg

      Make sense? Any thoughts on this?



      Message was edited by: BionicSecurityEngineer on 7/27/10 10:05:57 AM CDT