POLICY
Set and manage Company, Domain Group, and Domain, which are the units for applying security policies.
Policy Management
[POLICY]
The [POLICY] menu displays the targets to which policies are applied in a Tree structure. Clicking the top-level node, Company, expands the sub-level Domain Groups, and clicking a Domain Group expands the subordinate Domain list sequentially.
| Item | Description |
|---|---|
| Policy Settings | Set detailed security policies (patterns, exceptions, etc.) for the selected domain group. |
| DEFAULT POLICY MANAGEMENT | Save or manage the created policy as a 'Default Policy Template'. |
| ADD COMPANY | Create a Company, the top-level unit for policy management. |
| ADD DOMAIN GROUP | Add a Domain Group under a Company, to which policies will be applied. |
| Add Domain | Add an actual Domain under a Domain Group. |
| EDIT | Edit the information of the selected Company, Domain Group, or Domain. |
| REMOVE | Delete the selected node (Company, Group, Domain). |
| POLICY SNAP SHOT | Save (backup) the current domain group's policy settings to a specific point in time or restore from it. |
Info
- A Company is a unit for administrative accounts, and a Domain Group is the unit to which security policies are actually applied.
-
(Example 1: Integrated Management) In environments like load balancing (L4/L7), multiple Agents sharing the same policy can be mapped to a single domain group for integrated operation.
-
(Example 2: Individual Policies) If a single Agent hosts multiple domains and different policies must be applied to each, the Agent can be mapped to multiple domain groups.
-
An Agent belongs to a single 'Company' and can be mapped to multiple 'Domain Groups' simultaneously. However, mapping one Agent to a single Domain Group is recommended for operational convenience.
- When using multiple domain groups, you must register the domains to be managed in each group with a wildcard (
*) or an exact name.
Danger
While it is possible to map a single Agent to multiple domain groups, it is not recommended as it can increase the Agent's resource load.
- [Important] The required authentication key for Agent installation differs:
- For mapping to a single domain group: Install using the 'Domain Group's' authentication info.
- For mapping to multiple domain groups: Install using the parent 'Company's' authentication info.
- For mapping to a single domain group: Install using the 'Domain Group's' authentication info.
ADD COMPANY
[POLICY] > Right-click in the empty area > Click [ADD COMPANY] or
[POLICY] > Click [ADD COMPANY] icon in the upper right
Adds a new company. After entering the information below, click [SAVE] to add it to the company list, and a relevant audit log is created. After creating a company, you can add domain groups and domains under it.
| Item | Description |
|---|---|
| COMPANY NAME | Enter the company name to be displayed on the management screen. |
| DESCRIPTION | Enter a detailed description for the company. |
EDIT COMPANY
[POLICY] > (Select company to edit) > Right-click > Click [EDIT COMPANY] or
[POLICY] > (Select company to edit) > Click [EDIT] icon in the upper right
Edits the name or description of an existing company. When the edit is complete, a relevant audit log is created.
- AUTHENTICATION INFO: This is a unique key issued automatically when a company is created. This key is used as the authentication value for Agent installation when a single Agent needs to apply policies from multiple domain groups simultaneously.
REMOVE COMPANY
[POLICY] > (Select company to delete) > Right-click > Click [REMOVE COMPANY] or
[POLICY] > (Select company to delete) > Click [REMOVE] icon in the upper right
Deletes a company. After selecting the company to delete, click [REMOVE] and a confirmation pop-up will appear. Click [OK] to complete the deletion, and a relevant audit log is created.
ADD DOMAIN GROUP
[POLICY] > (Select company to add to) > Right-click > Click [ADD DOMAIN GROUP] or
[POLICY] > (Select company to add to) > Click [ADD DOMAIN GROUP] icon in the upper right
Select a company and then add a domain group under it. The domain group is the actual unit to which security policies are applied. After entering the information, click [SAVE] to create the group, and a relevant audit log is recorded.
| Item | Content |
|---|---|
| DOMAIN GROUP NAME | Enter a unique name for the domain group to be displayed. |
| DOMAIN TYPE | Select the type of web server to protect. (IIS, Apache, NGINX, WAS) |
| VERSION | Enter the web server's version. |
| MODE | Set whether security functions are active for Agents in this group. RUN: Activates the security policy. BYPASS: Allows all traffic and performs no security checks. |
| DEFAULT POLICY | Select the policy template to apply when creating the group. (Low, Normal, High, etc.) Caution: Changing the 'DEFAULT POLICY' after group creation will reset all existing policies to the selected template. Creating a snapshot before changing is recommended. |
| DEFAULT ACTION | Sets the default response method for all patterns included in the 'DEFAULT POLICY' template. (DETECT is recommended for initial setup) Caution: This setting changes the default action for all policies in the template. DENY: Responds with a 403 Forbidden error upon threat detection. REDIRECT: Redirects to a specified block page upon threat detection. DETECT: Logs the threat without blocking. (Monitoring Mode) |
| DESCRIPTION | Enter a detailed description for the domain group. |
EDIT DOMAIN GROUP
[POLICY] > (Select domain group to edit) > Right-click > Click [EDIT DOMAIN GROUP] or
[POLICY] > (Select domain group to edit) > Click [EDIT] icon in the upper right
Edits the domain group's information. In the edit window, you can check the Authentication Info (Auth Key) needed for Agent installation and the Agent Status currently mapped to this group, in addition to basic info. A relevant audit log is created when the domain group is modified.
REMOVE DOMAIN GROUP
[POLICY] > (Select domain group to delete) > Right-click > Click [REMOVE] or
[POLICY] > (Select domain group to delete) > Click [REMOVE] icon in the upper right
Select the domain group you want to delete and click [REMOVE]. A confirmation window will appear. Click [OK] to complete the deletion. A relevant audit log is created when the domain group is deleted.
ADD DOMAIN
[POLICY] > (Select domain group to add to) > Right-click > Click [ADD DOMAIN] or
[POLICY] > (Select domain group to add to) > Click the Add icon in the upper right
Adds an actual domain to apply security policies to a domain group. A single domain group can contain multiple domains, and all these domains will have the same security policy applied. A relevant audit log is created when a domain is added.
| Item | Content |
|---|---|
| DOMAIN GROUP | The domain group to which the domain will belong is displayed. (Cannot be edited) |
| DOMAIN | Enter the domain address to protect (e.g., *.example.com, www.test.com) |
| DESCRIPTION | Enter a detailed description for the domain. |
EDIT DOMAIN
[POLICY] > (Select Domain Group) -> (Click Domain to edit) > Right-click > Click [EDIT DOMAIN] or
[POLICY] > (Select Domain Group) -> (Click Domain to edit) > Click [EDIT] icon in the upper right
Edits the domain information. Select the domain to edit, click [EDIT], change the items, and then click [SAVE]. A relevant audit log is created when the domain is modified.
REMOVE DOMAIN
[POLICY] > (Select Domain Group) -> (Click Domain to delete) > Right-click > Click [REMOVE] or
[POLICY] > (Select Domain Group) -> (Click Domain to delete) > Click [REMOVE] icon in the upper right
Deletes a domain. Select the domain to delete and click [REMOVE]. It is immediately removed from the list, and a relevant audit log is created.
DEFAULT POLICY MANAGEMENT
[POLICY] > Click [DEFAULT POLICY MANAGEMENT]
You can export a policy modified in a specific domain group as a 'Default Policy Template' or register a template imported from another Manager. If 'Include All URL Policies' is checked, the group's URL-specific exception policies will also be included in the template.
Caution: If a 'User-Defined Pattern' used at the time of template creation is later modified or deleted, data integrity may be broken, and the template may become unusable.
POLICY SNAP SHOT
[POLICY] > (Select Domain Group to backup/restore) > Click [POLICY SNAP SHOT]
You can save (backup) the current domain group's policy settings as a snapshot for a specific point in time, or restore from a saved snapshot.
| Item | Content |
|---|---|
| CREATE | Creates a new snapshot of the current policy. |
| RESTORE | Restores the policy to the state of the selected snapshot in the list. (Overwrites current policy) |
| REMOVE | Deletes the selected snapshot. |
Danger
Data Integrity Warning: If a 'User-Defined Pattern' that was included at the time of snapshot creation is later modified or deleted, the snapshot's data integrity will be broken, and it will be disabled to prevent restoration.
