Configuring ACLs on IAPs for Website Content Classification

You can configure web policy enforcement on an access point to block certain categories of websites based on your organization's specifications by defining ACL (Access Control List) rules. An ACL is a common way of restricting certain types of traffic on a physical port.

To configure ACLs for website content classification, complete the following procedure:

  1. In the WebUI, set the filter to a group containing at least one AP.

    The dashboard context for the group is displayed.

  2. Under Manage, click Devices > Access Points.
  3. Click the Config icon.

    The tabs to configure the APs are displayed.

  4. Click Show Advanced.
  5. Click the Security tab.
  6. Under Roles, select the role to modify.
  7. Under Access Rules For Selected Roles, click + to add a new rule.

    The Access Rule window is displayed.

  8. Under Rule Type, select Access Control.
  9. Configure the following on the Access Rule window.
    1. To set an access policy based on web categories:
      1. Under Service, select Web Category.
      2. Select the categories to which you want to deny or allow access. You can also search for a web category and select the required option.
      3. Under Action, select Allow or Deny.
      4. Click Save to save the rules.
    2. To filter access based on the security ratings of the website:
      1. Select Web Reputation under Service.
      2. Move the slider to select a web reputation value. You can deny access to websites with a reputation value lower than or equal to the configured value, or permit access to websites with a reputation value higher than or equal to the configured value. The following options are available:
        • Trustworthy Web Reputation Index—These are well-known sites with strong security practices and may not expose the user to security risks. There is a very low probability that the user will be exposed to malicious links or payloads.
        • Low Risk Web Reputation Index—These are benign sites and may not expose the user to security risks. There is a low probability that the user will be exposed to malicious links or payloads.
        • Moderate Web Reputation Index—These are generally benign sites, but may pose a security risk. There is some probability that the user will be exposed to malicious links or payloads.
        • Suspicious Web Reputation Index—These are suspicious sites. There is a higher than average probability that the user will be exposed to malicious links or payloads.
        • High Risk Web Reputation Index—These are high-risk sites. There is a high probability that the user will be exposed to malicious links or payloads.
      3. Under Action, select Allow or Deny as required.
  10. To set a bandwidth limit based on web category or web reputation score, select the Application Throttling check box and specify the downstream and upstream rates in Kbps. For example, you can set a higher bandwidth rate for trusted sites and a lower bandwidth rate for high-risk sites.
  11. If required, select the following check boxes:
  12. Click Save to save the rules.
  13. Click Save Settings in the Roles page to save the changes to the role for which you defined ACL rules.
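The following sketch is an added example, not part of the product or its API. It models the Web Reputation slider semantics from step 9 so you can check which reputation levels a role's rules leave unmatched. The rule structure, the first-match ordering, and the sample rates are assumptions made for illustration.

```python
# Added illustration of the Web Reputation threshold semantics described above.
# The rule layout and first-match evaluation are assumptions, not the product's API.
from dataclasses import dataclass
from typing import Optional, Tuple

# Reputation levels named on this page, ordered from lowest to highest reputation.
LEVELS = ["High Risk", "Suspicious", "Moderate", "Low Risk", "Trustworthy"]
RANK = {name: i for i, name in enumerate(LEVELS)}

@dataclass
class ReputationRule:
    action: str                                   # "Allow" or "Deny"
    threshold: str                                # slider position, one of LEVELS
    throttle_kbps: Optional[Tuple[int, int]] = None  # (downstream, upstream) in Kbps

    def matches(self, level: str) -> bool:
        if self.action == "Deny":                 # deny at or below the configured value
            return RANK[level] <= RANK[self.threshold]
        return RANK[level] >= RANK[self.threshold]  # allow at or above it

def evaluate(rules, level):
    """Return the first rule that matches a site's reputation level, or None."""
    if level not in RANK:
        raise ValueError(f"unknown reputation level: {level!r}")
    for rule in rules:
        if rule.matches(level):
            return rule
    return None

def coverage(rules):
    """Map every level to the action it receives; 'unmatched' flags a gap."""
    result = {}
    for level in LEVELS:
        rule = evaluate(rules, level)
        result[level] = rule.action if rule else "unmatched"
    return result

# Constructed role: deny Suspicious and lower, allow Low Risk and higher
# with throttling. Moderate sites are matched by neither rule.
ROLE_RULES = [
    ReputationRule("Deny", "Suspicious"),
    ReputationRule("Allow", "Low Risk", throttle_kbps=(10000, 2000)),
]

if __name__ == "__main__":
    for level, action in coverage(ROLE_RULES).items():
        print(f"{level:12} -> {action}")
```

An "unmatched" level in the output means traffic to those sites is handled by whatever other rules the role contains, so review the role's remaining rules for that case.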

In groups that contain IAPs running mixed versions, the application rule update is supported only at the VC level and not at the group level. If you have a group with multiple IAPs running 6.2.1.0-4.0 and you upgrade one or more VCs to 6.2.1.0-4.1, you can configure application rules at the VC level, but not at the group level. To use application rules at the group level, create a new group and move the IAPs running 6.2.1.0-4.1 to the newly created group. If application rules are configured in this group, ensure that IAPs with versions lower than 6.2.1.0-4.1 are not moved to that group.

The following animation shows you how to configure roles on APs for website content classification.