We have Advanced Threat Protection and Advanced Firewall licenses. I want to create a policy that should allow specific users for a specific category for threat protection.
In the Advanced Threat Protection module it can be created globally, for example Cryptomining. But I want to except only specific users, and all other users should drop. How can I handle this?
When I created an IPS Control policy, it can't be evaluated. Logically, IPS Control is more specific than ATP, so I expect IPS to be evaluated first. But according to the document, ATP is evaluated first.
I would avoid altering the ATP modules altogether. You can accomplish this with the option Cascade Cloud Application to URL, and set a URL and Cloud App policy that allows, for a specific group (AD OU) or AD Department, access to the areas of the net that cover what they need. If that does not cover you, keep in mind the Security Exceptions under malware protection, which removes that domain from Malware / ATP / and Sandbox, so tread carefully with the main security exceptions bypasses.
Excuse me, I want to know your specific scenario.
We also have an Advanced FW license, but my colleagues and I were confused about what traffic IPS can protect, because Zscaler will proxy all my traffic, and the server (Internet) didn’t know my real IP or port of my endpoint.
Besides, we don’t particularly understand why an IPS policy can prevent specified threats against specified customers, including the ability to customize the source/destination IP (instead of selecting “any”). I’m confused about the specific scenario for this. Is it to prevent false positive judgement?
Hi, I couldn't understand your advice. I want to know how I can prevent/allow cryptomining for only specific users.