Rule ID
SV-279168r1170614_rule
Version
V1R1
CCIs
Ensure a Web Access Policy (under SYME-00-002500) has been created for allow rules or all proxy access will be denied. A deny-all, permit-by-exception network communications traffic policy ensures only those connections that are essential and approved are allowed. As a managed interface, the ALG must block all inbound and outbound network communications traffic to the application being managed and controlled unless a policy filter is installed to explicitly allow the traffic. The allow policy filters must comply with the site's security policy. A deny all, permit by exception network communications traffic policy ensures that only those connections that are essential and approved, are allowed. This requirement applies to both inbound and outbound network communications traffic. All inbound and outbound traffic for which the ALG is acting as an intermediary or proxy must be denied by default.
1. In the Edge SWG Web UI, navigate to the Configuration tab. 2. Select "Policy and Policy Settings". If the Default Proxy Policy is set to "Allow", this is a finding.
1. In the Edge SWG Web UI, navigate to the Configuration tab. 2. Select "Policy and Policy Settings". 3. Set the Default Proxy Policy to "Deny". 4. Click "Apply", then "Save".