Go to Security > Policies, click New Policy (above the list) to start the wizard. You'll be prompted to assign a security policy for each of your web applications. Each policy includes several security options. We provide a policy called Pass-through to get you started. Tip - Turn help tips on (in the title bar) and get help by hovering over field names.
Configure a sensitivity rating for the various detection categories in the Application Security section of your policy. This impacts what inspection will be performed by filtering potentially noisy events. By setting a category to a lower number we’ll widen the focus of inspection using a larger number of inspection rules. By setting a category to a higher number we’ll narrow the inspection - this can help reduce any False Positives. Still have questions? The sensitivity values seen in events may guide you in tuning these values.
Set threat level thresholds (1 to 100) for logging and blocking in the Policy Controls section of your policy. This impacts what events we will log and block. You must set the blocking level greater than or equal to the logging level so blocked events will always be logged. Still have questions? The threat level and severity values seen in events may guide you in tuning these values.
These settings are defined as part of an HTTP profile. You can configure responses to cookies, content type sniffing, clickjacking and browser cross-site scripting. Learn more
These settings are defined as part of an HTTP profile. You can set options for server cloaking, removal of sensitive headers, error messages and sensitive file types. Learn more
Tags give you a way to organize your configurations and to permit users to access them. When you apply a tag to a policy, all users whose scopes include that tag will have access to that policy. A user's scope determines the user's access to objects. The user's role determines permissions to act on those objects. Learn more
You'll assign one security policy to each of your web applications. The same policy can be assigned to however many web applications you want.
Go to Security > Policies, hover over a security policy and choose Add to Sites from the Quick Actions menu. You can select web apps by name or choose tags to identify sites.
Go to Web Applications, hover over a web application and choose Set Policy from the Quick Actions menu.