Access Policy

The Access Policy defines what users are allowed or denied access to when browsing the internet. It enables administrators to:

• Control access to web categories, for example, social media, news, gambling

• Allow or block specific URLs or domains

• Manage access to cloud-based and web applications, for example, Dropbox, YouTube, ChatGPT

These controls can be tailored per user or user group, ensuring policies are aligned with business roles and security requirements. For example, marketing teams might be granted access to social media platforms, while finance users are restricted to business-related sites only.

To view the Access Policy page, access the Harmony SASE Administrator Portal and click Internet Access > Access Policy.

Column	Description
Name	Name of the Rule.
Action	Action for web traffic: Drop - Blocks web traffic. Accept - Permits web traffic. Warn¹ - Allows web traffic and logs the event. See Web Activity.
Source	Groups or members to which the rule is applied.
Destination	Destination of the web traffic generated by the source (Managed categories, Custom URLsor Applications).
Conditions	Allows admin to define time-based constraints for each rule. When a condition is applied, the rule is enforced only during the specified time frame (example: weekdays between 9:00 AM and 6:00 PM). This enables administrators to create policies that adapt to business hours, shift schedules, or specific access windows, for example, restricting access to social media sites outside of working hours. If no condition is set, the rule applies at all times.

¹The end user needs to confirm the warning message, so it do not show the alert for the inspected resource for the next 24 hours.

Application Policy

Application Policy enables you to monitor, manage, and enforce access control over the SaaS applications used in an organization. It uses state of the art applications catalog and detection engine to accurately recognize and classify SaaS applications based on their behavior, signatures, and traffic patterns.

Support

Minimum agent version supported is 11.5.

Creating an Access Policy

1. Access the Harmony SASE Administrator Portal and click Internet Access > Access Policy.

   Note - The access policy is a first-match-rule base.

2. Click Add New Rule.

   A new rule appears in the table.

   

3. In the Name field, enter a name for the rule.

4. From the Action list, select one:

   • Drop (default)

   • Accept

   • Warn

   Note - Custom URLs support wildcards, see Custom URLs.

5. In the Source field, add user or group list to which you want to apply the rule. Default is Any.

   1. Click Any > Add Source > Groups or Members.

      

   2. Select group(s) or member(s) from the list.

   3. Click Apply.

6. In the Destination field, select the destination. Default is Any.

   1. Click Any > Add Destination.

   2. To add web categories, select Web Categories.

      The Manage Web Categories window appears.

      

   3. Select the categories from the list.

   4. Click Apply.

   5. To add custom URLs, select Custom URLs.

      The Manage Custom URLs window appears.

      

   6. Select the custom URL. If the URL is not listed, click Add Custom URL and specify these and click Add URL:

      

      • Name

      • Description

      • URL

      Optionally, click Upload .CSV to upload a .csv file with list of URLs.

   7. Click Apply.

   8. To add applications, select Applications.

      The Add Application window appears.

      

   9. Search the application and click to select the application.

   10. Click Apply Changes.

7. In the Conditions field, specify the timeframe for which the rule must be active.

   1. Click Any > Add Condition > Time.

      The Manage Time window appears.

      

   2. Select the Start time from the list.

   3. Select the End time from the list.

   4. Select the Days from the list.

   5. Click Apply.

8. To activate the rule, turn on the Status toggle button.

9. Click Apply in the bottom of the page.

   

10. Click Apply.