As a Company Manager, you can configure Web Policies, which control the websites that users can access in Venn and how encrypted app and website traffic is monitored in Venn’s Blue Border™.
Venn has two types of Web Policies that you can implement as a Company Manager:
Web (DNS) Filtering Policy
Your company’s Web Filtering Policy enables you to apply broad limits to the sites that users can access when browsing in Venn at the domain level by intercepting domain name requests (DNS queries). You can block domains by category (e.g., gambling or hate speech) and/or allow or block specific domains.
Your Web Filtering Policies are applied to all user DNS queries in Blue Border. You can set up Web Filtering Policies for the All Users group or for specific user groups with assigned Private Company Gateway IP addresses.
Learn how to view and manage your Web Filtering Policies.
Web Proxy Policy (Blocklist/Allowlist and TLS Inspection)
Your company’s Web Proxy Policy enables you to apply more granular restrictions by controlling which websites or IP addresses can be accessed in browsers running in Venn and configuring which processes and domains have TLS Inspection enforced.
- Web Control (Blocklist/Allowlist): You can block specific URLs or IP addresses or you can even block all web traffic by default and implement an allowlist to enable access only to specific URLs or IP addresses.
- TSL Inspection: By default, Venn enforces TLS inspection for specific processes managed by Venn, including web browsers and Microsoft 365 applications. This allows Venn to enforce DLP Policies such as account controls and upload restrictions. You can determine which additional processes have TLS inspection enforced and determine which domains are excluded from inspection.
Your Web Proxy Policy relies on the local web proxy that Venn runs on users’ devices. Learn more about the Blue Border web proxy.
Web Proxy Policies are configured for individual users, the All Users group, or for specific user groups in Venn.
Learn how to view and manage your Web Proxy Policies.
Available Web Policies
-
Not sure which Web Policies you want to enforce?
Download this planner to review with your IT and Security teams.
Web (DNS) Filtering Policy
| Policy | Venn Best-Practice Recommendation |
|
Categories Determines which web domains are blocked by domain category |
Depending on your organization’s workflows, adjust the default Categories that are blocked by Venn’s Web Filter. |
|
Allowed Domains Determines which web domains are on your company's "allowlist" |
Add any web domains to your Allow list to prevent the domain from being blocked by Venn’s Web Filter. |
|
Blocked Domains Determines which web domains are on your company's "blocklist" |
Add any web domains to your Block list to prevent users from accessing them in Blue Border. |
Web Proxy Policy (Blocklist/Allowlist and TLS Inspection)
| Policy | Settings | Venn Best-Practice Recommendation |
|
Web Control Determines URLs and IP addresses blocked by the Web Proxy |
Allow all web traffic by default: Allow normal web traffic and implement a "blocklist" of specific URLs or IP addresses Block all web traffic by default: Block all web traffic by default and implement an "allowlist" to enable access only to specific URLs or IP addresses |
|
|
TLS Inspection: Processes Determines which apps you enforce TLS inspection for Note: Some apps are managed by Venn and cannot be removed. |
Disable TLS inspection by default: Disable TLS Inspection for most apps and specify which processes to include for TLS Inspection Enable TLS inspection by default: Enable TLS Inspection for all apps by default and implement a list of processes to exclude for TLS Inspection |
|
|
TLS Inspection: Domains Determines which domains you enforce TLS inspection for Note: For Domains, TLS Inspection is enabled by default. |
Domains excluded from inspection: Exclude domains listed from TLS Inspection | Depending on your organization’s workflows, specify any apps to include as Domains always excluded from inspection. Some apps are managed by Venn and cannot be removed. |