Configure Web Access Control

Applies To: WatchGuard EPDR, WatchGuard EPP

In the Web Access Control settings of a workstations and servers settings profile, you can limit access to specific web content categories, and configure a list of URLs to allow and deny access to.

Screen shot of WatchGuard Endpoint Security, Web Access Control settings

Each computer on the network keeps a database of the URLs accessed from it. This database can only be accessed from the computer for a period of 30 days.

To configure web access control:

  1. From the top navigation bar, select Settings.
  2. From the left pane, select Workstations and Servers.
  3. Select an existing security settings profile to edit, copy an existing profile, or in the upper-right corner of the window, click Add to create a new profile.

    The Add Settings or Edit Settings page opens.
  4. Enter a Name and Description for the profile, if required.
  5. Select Web Access Control.
  6. Enable the Enable Web Access Control toggle.
  7. To specify when you want to enable web access control:
    1. Select Enable Only During the Following Times.
    2. On the calendar, select the days and hours when you want to enable web access control.
      Click the day to select the whole day. Click and drag the squares to select multiple days and times. Click Clear to disable web access control for all of the times selected.

Screen shot of WatchGuard Endpoint Security, Web Access Control date selector

  1. Select the categories you want to deny computers access to.

Screen shot of WatchGuard Endpoint Security, Web Access Control categories

  1. To Deny Access to Pages Characterized as Unknown, select the toggle.
    Internal and intranet sites accessible on ports 80 and 8080 could be categorized as unknown. To avoid this, add exclusions for internal pages you want to allow.
  2. To exclude sites from web access control and always allow access to them, in the Always allow access to the following addresses and domains text box, enter the URLs.
    Access is allowed to all addresses that start with the specified addresses and domains , even if the full URL is longer.
  3. To always deny access to an IP address or domain, in the Deny access to the following addresses and domains text box, enter the IP address or domain.
    Access is denied to all addresses that start with the specified addresses and domains, even if the full URL is longer.
  4. Click Save.
  5. Select the profile and assign recipients, if required.
    For more information, see Assign a Settings Profile.

See Also

Manage Settings Profiles