You want to know the differences between the actions in the HTTP inspection feature of IWSVA. The following are the actions:
- Block
- Allow (scan)
- Allow (no scan)
- Monitor
Click image to enlarge
The different actions for HTTP inspection have the following effects:
-
Block:
Access to the resource (website, file etc.) will be blocked. The event will be logged in the policy enforcement logs on the web console which can be accessed under Logs > Log Analysis > Policy Enforcement.
-
Allow (scan):
Access to the resource is allowed and the usual scanning will take place. The event will appear in the internet access logs on the web console (unless the scanning finds malware or triggers a URL filtering policy). These logs can be accessed under Logs > Log Analysis > Internet Access.
-
Allow (no scan):
Access to the resource is allowed and no scanning will be done. The event will appear in the Internet Access logs.
-
Monitor:
This option has the same effect as Allow (scan) but the traffic will appear in the policy enforcement logs under MONITOR rather than in the Internet Access logs.
Click image to enlarge
This option offers a convenient way to monitor access to a particular resource.
