You can create policies to control the content that flows in and out of your Web gateway. If you configure Active Directory integration, you can also create policies by user names, workgroups, organizational units, or departments.
If you plan to block Web sites by category, you should initially configure a policy to monitor that category of Web sites. After a period of time, check the reports to see what Web sites have been monitored. That way you can be sure that your policy matches only the types of Web sites that were expected. Also, you should test that the desired action occurs by accessing the Symantec Web Gateway test page from a computer in each policy workgroup.
You must install Symantec Web Gateway in the inline, proxy, or inline plus proxy network configuration to block file transfers. If you configure Symantec Web Gateway in the port span/tap network configuration, the block action is not available in the Web GUI.
Require authentication before users access Web sites.
You must configure Active Directory integration with NTLM for this policy to function. The authentication is typically invisible to users. In some cases users may see an authentication request in their Web browsers. You can only configure authentication policies for IP addresses, subnets, and services because Active Directory information is not available before authentication.
Allow users to access categories of Web sites outside of normal working hours.
For example, you can block access to entertainment Web sites during working hours but allow access after working hours. You specify the times for after hours access and also non-working days. To allow after hours access, you must have the URL filtering license.