Rule-base policy allows customers to be the masters of their own destiny. With legacy web policies customers were locked into a hard coded order of operations for enforcing web security.
Legacy web polices also presented a one-size fits all approach to policy enforcement because a web policy would only match on an identity. There was no granularity in terms of having the ability to treat identities differently from another in the same web policy. Any change for one identity in a web policy that had many identities would require a new policy to address that one identity. Additionally, there could be many variations for many identities, such as identities having requirements that overlapped with needs of other identities making web policies confusing and onerous to manage.
Rule-based policy allows customers to define their own order of operations by giving each rule a priority. All rules are processed in a top-down fashion, and once there is a match on identity AND destination, the action assigned to the rule is enforced. This makes it very easy to visualize what is happening, where exceptions need to be inserted, and what the likely outcome would be.
Note: rule-based policy only affects legacy web policies and does not extend to DNS policies.
For a detailed FAQ on rule-based policy, please read here.
Additionally, our Umbrella Admin Guide has been updated for rule-based policy. Please read here.