This article applies to organisations with a 'Hybrid' setup (both On-Premise Appliance and Cloud), as well as On-Premise only and Cloud only setups.
What is a Walled Garden?
A Walled Garden is a web filtering setup that restricts a specific group of users to access only a limited set of domains or websites. Unlike the usual approach, where most content is accessible by default and only restricted when needed, a Walled Garden blocks everything except selected domains. For example:
- Exam conditions: Create a temporary block that restricts access to all but a few domains, such as examination software, during exam hours
- Location-specific filtering: Set up a Location containing machines that can access only certain categories or sites for a specific purpose.
Before you begin
Prepare your policy items
Just like any set of Web Filter policies, you’ll need to identify:
- Who the policies apply to, identified by their User Group or as individual users.
- Where the policy applies, based on Location.
- When the policy will be active, based on Time slots.
You’ll also need a list of what content the users should be allowed to access while the Walled Garden applies. You can:
- Create a Custom Category that contains the domains they will require access to.
- Create a Category Group that contains the allowed categories.
- Use a combination of both.
(On-Premise Appliance only) HTTPS Inspection
Set up HTTPS Inspection for the allowed category or category group.
(On-Premise Appliance only) Authentication Exceptions
Content in the Authentication Exceptions list is not subject to Web Filter Policies specific to certain groups, so users may be able to access content they shouldn’t. Consider whether Authentication Exceptions are needed.
If you are sure they are needed, you can set up Authentication Exceptions.
Create your Walled Garden Web Filter Policies
Tip
Creating the Web Filter policies for your Walled Garden is best done within a policy folder, so the policies are kept together and can be switched on or off as required.
Create two Web Filter policies within a Policy Folder:
- A policy to Allow or Do Not Filter (only available to set up in On-Premise Appliance) the content that is permitted in the What field.
- A policy to Block the Everything category in the What field. Order this below your Allow policy.
Image 1: Example setup in On-Premise Appliance.
Image 2: Example setup in Cloud.