Web Control Layer has been set up using the settings in the following dialogue:
Consider the following policy and select the BEST answer.
Traffic that does not match any rule in the subpolicy is dropped.
All employees can access only Youtube and Vimeo.
Access to Youtube and Vimeo is allowed only once a day.
Anyone from internal network can access the internet, expect the traffic defined in drop rules 5.2, 5.5 and
Policy Layers and Sub-Policies
R80 introduces the concept of layers and sub-policies, allowing you to segment your policy according to your
network segments or business units/functions. In addition, you can also assign granular privileges by layer or
sub-policy to distribute workload and tasks to the most qualified administrators
With layers, the rule base is organized into a set of security rules. These set of rules or layers, are
inspected in the order in which they are defined, allowing control over the rule base flow and the security
functionalities that take precedence. If an “accept” action is performed across a layer, the inspection will
continue to the next layer. For example, a compliance layer can be created to overlay across a crosssection of rules.
Sub-policies are sets of rules that are created for a specific network segment, branch office or business unit,
so if a rule is matched, inspection will continue through this subset of rules before it moves on to the next
Sub-policies and layers can be managed by specific administrators, according to their permissions profiles.
This facilitates task delegation and workload distribution.