Create a Group FQDN Filter Profile

Use the following procedure to create a group FQDN filter profile with at least two standalone profiles:

Procedure

Step 1

In the Security Cloud Control platform menu, choose Products > Multicloud Defense .

Step 2

Navigate to Policies > Profiles > FQDN Filtering.

Step 3

Click Create.

Step 4

Provide a unique Name.

Step 5

(Optional) Enter a Description. This may help differentiate between profiles that may have a similar name.

Step 6

Specify the Type as Group.

Step 7

Select an initial standalone profile (at least one standalone profile is required).

Step 8

Click Add FQDN Profile to create a new row for additional profiles.

Step 9

Select a standalone profile.

Step 10

Specify the policy Action for uncategorized FQDNs.

Step 11

Specify the policy Action for ANY FQDNs (default).

Step 12

(Optional) Specify the Decryption Exception for uncategorized or ANY if decryption is not desired or possible. Possible reasons for considering decryption exception include:

  • Desire to not inspect encrypted traffic (financial services, defense, health care, etc.).

  • SSO authentication traffic where decryption is not possible.

  • NTLM traffic that cannot be proxied.

Step 13

Click Save.

What to do next

Attach the profile to a policy rule set. See Rule Sets and Rule Set Groups for more information.