Managing WebGroups

If the Distributed Cloud Firewall (DCF) feature is disabled, WebGroups are not available.
webgroup default

WebGroups are groupings of domains or URLs, inserted into DCF rules, that filter (and provide security to) Internet-bound traffic. WebGroups in DCF are only supported on Spoke Gateways and Public Subnet Filtering (PSF) Gateways.

From this tab you can save views, filter intrusion results, and download the results in a CSV file.

To filter HTTP or HTTPS traffic with a URL-based WebGroup, TLS Decryption must be enabled in the rule where the WebGroup is used.

Non-TLS or non-HTTP traffic will not match the rule that uses the WebGroup and will be evaluated against later rules.

System-Defined WebGroup

When you navigate to Security > Distributed Cloud Firewall > WebGroups, a system-defined WebGroup, 'All-Web', has already been created for you (if no other WebGroups exist). This predefined WebGroup cannot be deleted.

This is an "allow-all" WebGroup that you must select in a Distributed Cloud Firewall rule if you do not want to limit the Internet-bound traffic for that rule, but you still want to log the FQDNs that are being accessed.

Prior to Release 7.1.3006, the default WebGroup was named 'Any-Web' and was created by CoPilot. If you still have this WebGroup, you can modify it (if it is being used by Distributed Cloud Firewall rules) or delete it (if it is not used by any Distributed Cloud Firewall rules) so that it is not confused with the default 'Any-Web' WebGroup created by Controller.