Secure Web Access ( SWA ) > SWA Configuration & Policy orchestration

Configuration & Policy Orchestration

Web Filter Policy Navigation

Navigation: Login → Organisation → WebFilter

Web Filter Policy Creation

Policy Creation Steps:

  1. Click “Add Policy”

  2. Enter Policy Name

  3. Select Target (User / Group)

  4. Choose Filter Type:

    • Application-Based

    • Category-Based

    • URL/IP-Based

    • Custom URL List

  5. Define Action:

    • Allow

    • Block

    • Bypass

  6. Save and Enable Policy

Best Practices:

  • Use structured naming conventions

  • Apply policies to groups rather than individual users

  • Document policy intent

Web Filter Policy Management

Administrators can:

  • Search policies by name or target

  • View rule configuration (read-only mode)

  • Edit policies to adapt to operational changes

  • Disable policies temporarily

  • Delete outdated rules

  • Modify default action settings

  • Use Global Enable/Disable for bulk control

Policy management should follow enterprise change-control procedures in production environments.

Web Filter for Custom URL’s

Custom URL filtering provides granular control over specific domains and URL paths.

Capabilities:

  • Allow specific business-critical URLs

  • Block malicious or non-compliant URLs

  • Control access at path level

  • Create department-specific exceptions

Example:

Allow → partnerbank.com
Block → youtube.com

Custom URL filtering is particularly useful for:

  • Compliance enforcement

  • Vendor portal access

  • Exception management

  • Project-specific restrictions

Web Filter Policy Enforcement & Validation

Enforcement Process:

  1. User initiates web request

  2. Traffic routed through SWA

  3. Policy engine evaluates request

  4. Matching rule applied

  5. Action enforced

  6. Event logged

If no rule matches → Default Action is applied.

Validation Checklist

Before full deployment:

  • Confirm correct user/group mapping

  • Verify policy is enabled

  • Validate default action configuration

  • Test allowed URLs

  • Test blocked URLs

  • Review logs for correct policy match

  • Confirm no unintended bypass

Testing should be conducted using controlled test accounts before enterprise-wide rollout.

Use Case

  1. Whitelisting
    Whitelisting allows access only to approved websites while blocking all others.

    Scenario: A financial organization allows access only to approved SaaS platforms and blocks all external services.

    Implementation:

    1. Default Action → Block

    2. Allow specific applications/domains

  2. Blacklisting
    Blacklisting blocks specific websites or categories while allowing general internet access.

    Scenario: Block social media during work hours for the Finance team.

    Implementation:

    1. Default Action → Allow

    2. Block Social Media category

  3. Bypass Rules
    Bypass rules allow selected traffic to skip filtering.

    Usage:

    1. Internal trusted applications

    2. Testing and staging environments

    3. Emergency troubleshooting

Bypass must be carefully controlled to prevent policy misuse or security gaps.