Web Policy Rulesets

Rulesets are “containers” for rules. A Web policy ruleset defines a collection of identities and rules. Rulesets can include identities from a specific geographic area or physical office location, or from a group of networks, users, or roaming computers. Umbrella selects a ruleset from your list of rulesets by matching an identity associated with the requested web destination.
Umbrella Web policy enforcement works on the principle of implicit allow. Meaning, if something is not explicitly blocked, such as a security category or a destination, Umbrella allows.

Web Policy Rules

A Web policy rule is a collection of actions, destinations, and identities. You can define a Web policy rule and add a rule to a Web policy ruleset. List your highest priority rule first in your ruleset. Within a selected ruleset, Umbrella evaluates each rule in descending order. If Umbrella cannot match an identity and destination to a rule, Umbrella applies the security settings defined in the ruleset.

within the matching ruleset are matched on both identity and destination. Even if the identity matches a rule, if the destination does not match, the next rule is evaluated. This continues until there is a match or all rules have been exhausted. If there is no match, the default of implicit allow is applied. Therefore, always configure your rulesets and their rules so that the first ruleset listed that includes a particular identity also includes all configuration settings including rules destinations that you want applied to that identity.