Online Behavior Management

Content security profiles can be referenced in security policies to regulate Internet access behaviors of intranet users.

An enterprise deploys the FW as a security gateway at the network border. The requirements are as follows:

Standardize intranet users' access to the Internet.
Ensure the security of emails sent and received by intranet users.

According to the preceding requirements, the following security policies are configured:

No.	Description	Source Zone	Destination Zone	Source IP Address	Destination IP Address	Content Security	Action
1	Standardize intranet users' access to the Internet.	trust	untrust	IP address of the intranet users	any	URL filtering: filters websites accessed by intranet users to filter out illegal websites, malicious websites, and websites irrelevant to work, reducing the risk of virus infection and attacks and improving work efficiency. File blocking: checks the types of files uploaded to the Internet or downloaded from the Internet to prevent confidential information leakage and virus infection. Data filtering: filters the information browsed, searched, released, and transmitted by enterprise employees to prevent disclosure of confidential information and release of violation information. This feature prevents intranet users from browsing, searching for, releasing, and transmitting irrelevant information, improving work efficiency.	Permit
2	Ensure the security of sending and receiving emails for intranet users.	trust	dmz	IP address of the intranet users	Internal server address	Mail filtering Filters out junk mails to prevent the intranet mail server from receiving a large number of junk mails. Checks anonymous mails to prevent violation information from spreading on the network. Checks email addresses to control email sending and receiving permissions to prevent the disclosure of important information. Controls the size and number of mail attachments to prevent information leakage through attachments.	Permit
3	Deny the traffic that does not match any of the preceding security policy rules.	any	any	any	any	any	Deny

No.

Description

Source Zone

Destination Zone

Source IP Address

Destination IP Address

Content Security

Action

Standardize intranet users' access to the Internet.

trust

untrust

IP address of the intranet users

any

URL filtering: filters websites accessed by intranet users to filter out illegal websites, malicious websites, and websites irrelevant to work, reducing the risk of virus infection and attacks and improving work efficiency.

File blocking: checks the types of files uploaded to the Internet or downloaded from the Internet to prevent confidential information leakage and virus infection.

Data filtering: filters the information browsed, searched, released, and transmitted by enterprise employees to prevent disclosure of confidential information and release of violation information. This feature prevents intranet users from browsing, searching for, releasing, and transmitting irrelevant information, improving work efficiency.

Permit

Ensure the security of sending and receiving emails for intranet users.

trust

dmz

IP address of the intranet users

Internal server address

Mail filtering

Filters out junk mails to prevent the intranet mail server from receiving a large number of junk mails.
Checks anonymous mails to prevent violation information from spreading on the network.
Checks email addresses to control email sending and receiving permissions to prevent the disclosure of important information.
Controls the size and number of mail attachments to prevent information leakage through attachments.

Permit

Deny the traffic that does not match any of the preceding security policy rules.

any

Deny