Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Add Rules to a CASB Profile

Configure rules for a Cloud Access Security Broker (CASB) profile to control specific actions that can be performed on each cloud application. Once you create the rules, associate the CASB profile with a Secure Edge policy. You can edit, delete, or clone a CASB profile rule. For more information on the common operations that you can perform on the CASB Rules Page, see About the CASB Rules Page.

Table 1 lists the Juniper Secure Edge supported cloud applications and their activities.

Table 1: Juniper Secure Edge Supported Cloud Applications and their Activities

Cloud Application

Supported Activities

Box

Login, Upload, Download, and Share

Dropbox

Login, Upload, Download, and Share

Gmail

Login, Read, Compose, Send, Upload Attachment, and Download Attachment

Google Docs

Login, Upload, Download, and Share

Microsoft OneDrive

Login, Upload, Download, and Share

Salesforce

Login, Upload, Download, and Share

SharePoint

Login, Upload, Download, and Share

Slack

Login, Chat, Audio/Video, and FileTransfer

To add a rule to a CASB profile:

  1. Select Secure Edge > Security Subscriptions > CASB > CASB Profiles.
    The CASB Profiles page opens.
  2. Click + to create a CASB profile.
    The Create CASB Profile page opens.
  3. Click Add Rules or on the rule number available next to the column of your CASB profile name.

    The CASB Rules page opens.

  4. Complete the configuration according to the guidelines provided in Table 2.
  5. Click the tick icon on the right-side of the row once done with the configuration.

    After you create the rules, assign the associated CASB profile with a Secure Edge policy.

    Table 2: Fields on the CASB Rules Page

    Setting

    Guideline

    Seq

    Displays the rule number order.

    Name

    Enter a rule name.

    Name must begin with an alphanumeric character; colons, periods, slashes, dashes, and underscores are allowed; cannot exceed 29 characters.

    Cloud Applications

    1. Click + to configure rules to control access to the cloud applications for the CASB profile.

      The Cloud Applications window appears.

    2. Enter the following details:

      • Cloud application group—Select Any to match all cloud application groups or select File Sharing to control data sharing permissions.

      • Cloud applications—Select Any to match all cloud applications or select Specific to choose one or more cloud applications from the list for the CASB profile rule. For example, Box, Dropbox, or Salesforce.

    Application Instance

    1. Click + to configure the application instance for the CASB profile.

      The Application Instance window appears.

    2. Application instance names—Select an application instance from the list.

      To add a new instance, click Create application instance. For more information on the fields, see Create an Application Instance.

    3. Click OK.

    Activities

    1. Click + to configure the activities for the CASB profile.

      The Activities window appears.

    2. Activities—Select Any to match all the activities. To add a specific activity, click Specific and then select the respective activity.

    3. Share—Select one or more domain names from the list and then click the right arrow.

      To add a new name:

      1. Click +.

        The Add Share window appears.

      2. Enter a domain name (for example, yahoo.com).

        The name must begin with an alphanumeric character. Spaces and special characters except for - : . are not allowed. The maximum length is 63 characters.

      3. Click OK.

    4. To move an existing domain name, select the domain name and use the right arrow to move it to next column.

    5. Click OK.

    Action

    Select Deny or Permit to take an action when traffic matches the criteria.

    Options

    Enable or disable the activity logging option.