Define the business policy in your SASE Orchestrator to determine web security screening. The business policy matches parameters such as IP addresses, ports, VLAN IDs, interfaces, domain names, protocols, operating system, object groups, applications, and DSCP tags. When a data packet matches the match conditions, the associated action or actions are taken. If a packet matches no parameters, then a default action is taken on the packet.
You can configure Business Policy rules using the
Business Policy tab in the Profile Configuration page. Optionally, you can also override the Profile Business Policy rules at the Edge-level. To create a business policy at the Edge level:
- In the SD-WAN service of the Enterprise portal, click . The Edges page displays the existing Edges.
- Click the link to an Edge, and then click the Business Policy tab. Alternatively, you can click the View link in the Business Policy column of the Edge. The Configure Business Policy page appears.
- The business policy rules and other settings inherited from the associated Profile are displayed under the Rules From Profile section of the Configure Business Policy page. You can edit the existing rules or add new rules for the selected Edge, by selecting the Override check box. The new and overridden rules appear in the Edge Overrides section.
- To create a new business policy rule, under Business Policy Rules, click +ADD. The Add Rule dialog box appears.
- Enter the Rule Name and select the IP version. You can configure the Source and Destination IP addresses according to the selected IP version.
- Under the Match area, configure the match criteria for Source, Destination, and Application traffic.
- In the Action area, configure the actions for the rule.
Note: VMware recommends configuring a business policy rules to Backhaul web traffic, using Port 80 and 443. You can send all Internet traffic to Backhaul Zscaler.
- After configuring the required settings, click Create.
For more information, see Create Business Policy Rule.