Policies can act on all computers that Symantec Web Gateway is aware of or policies can act on particular groups of computers. If you configure Active Directory integration, you can also create policies by user names, workgroups, and so on.
If you attempt to configure a policy that includes an Active Directory user or workgroup, Symantec Web Gateway may display an error. This error occurs if the user or workgroup does not exist in your Active Directory. The most likely cause is a typo in the policy: the user name or workgroup in the policy does not match the user name or workgroup in Active Directory.
To specify computers or users for policies
In the Web GUI, click Policies > Configuration.
At the top of the page, ensure that Enable Policy Management is checked.
All policies are deactivated if Enable Policy Management is unchecked.
Click Create a New Policy.
At the top of the page, specify the following information:
Base Policy On (optional)
Optionally, click an existing policy or policy template on which to base your new policy. If you click an existing policy or policy template, the page is updated with the settings from that policy or policy template.
Type a name for the policy. The name appears on the Policies > Configuration page.
Type a description for the policy. The description appears on the Policies > Configuration page.
Block Page Message Group
Click the group of messages to display in the Web browsers of users for a blocked Web site, blocked file download, or a malware infection. You configure message groups on Administration > End User Pages. If you have not configured message groups, click Default.
This policy applies to all computers that are specified as part of the Internal Network Configuration on the Administration > Configuration > Network page.
Specific Work Groups
This policy applies to the computers that you specify under Work Groups on this page.
If you clicked Specific Work Groups for Applies to, under Work Groups click a Network Type and specify the computers or users for the group.
To use any of the LDAP options, you must have configured Active Directory integration. The ability to choose departments, organizational units, or workgroups depends on your Active Directory configuration.
The options that you can configure are as follows:
Specify the following options:
Type the IP address for the subnet.
Type a subnet mask for the subnet.
Specify the following options:
Type the lowest-numbered IP address in the range.
Type the highest-numbered IP address in the range.
The first and last IP addresses that you specify are included in the range.
Type a VLAN ID.
Click a department. The departments are populated from Active Directory. For the Other option, type a department.
A drop-down list appears if there are 100 or fewer discovered entities. For example, if a large enterprise has over 100 departments, a text box appears, and the administrator must type the department name.
LDAP Organizational Unit
Click an organizational unit. The organizational units are populated from Active Directory. For the Other option, type an organizational unit.
Click a workgroup. The workgroups are populated from Active Directory. For the Other option, type a workgroup.
LDAP User Name
Type an Active Directory user name using the form that is configured in Active Directory.
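The subnet and IP range options above decide which computers a Specific Work Groups policy reaches, so it is worth checking planned entries against a client inventory before typing them into the Web GUI. The following is an added example, not Symantec code and not part of the original documentation: it runs offline, does not query the appliance, and the group definitions, field names, and client addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample work groups (hypothetical names and addresses).
GROUPS = [
    {"name": "Finance", "type": "subnet", "ip": "10.1.20.0", "mask": "255.255.255.0"},
    {"name": "Kiosks", "type": "range", "first": "10.1.30.10", "last": "10.1.30.20"},
]
# Constructed client inventory to check against the groups.
CLIENTS = ["10.1.20.7", "10.1.30.10", "10.1.30.20", "10.1.30.21", "10.1.21.1"]

def in_subnet(ip, network_ip, mask):
    """Subnet entry: an IP address plus a subnet mask."""
    # strict=False tolerates a host address typed in place of the network
    # address; a non-contiguous mask raises ValueError.
    net = ipaddress.ip_network(f"{network_ip}/{mask}", strict=False)
    return ipaddress.ip_address(ip) in net

def in_range(ip, first, last):
    """IP range entry: the first and last addresses are included."""
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    if lo > hi:
        raise ValueError(f"range start {first} is above range end {last}")
    return lo <= ipaddress.ip_address(ip) <= hi

def matching_groups(ip, groups):
    """Return the names of every group whose definition contains ip."""
    names = []
    for g in groups:
        if g["type"] == "subnet":
            hit = in_subnet(ip, g["ip"], g["mask"])
        elif g["type"] == "range":
            hit = in_range(ip, g["first"], g["last"])
        else:
            raise ValueError(f"unsupported network type: {g['type']}")
        if hit:
            names.append(g["name"])
    return names

def uncovered(ips, groups):
    """Clients that match no group and so fall outside the policy."""
    return [ip for ip in ips if not matching_groups(ip, groups)]

if __name__ == "__main__":
    for ip in CLIENTS:
        print(ip, matching_groups(ip, GROUPS) or "NOT COVERED")
```

Any address reported as not covered would fall outside a policy scoped to these groups, and an address that matches more than one group points to overlapping definitions worth reviewing.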