Enable walled garden

Enable walled garden

Before you begin
To configure the domains and IP addresses of traffic that you want to allow in a walled garden configuration, see Configure walled garden exceptions.

You can enable walled garden for ETP Client in a policy. When ETP Client is an unprotected state, this option blocks all traffic that’s not specified as an exception in the ETP network configuration. Currently, this feature is only supported on the Windows desktop client.

📘

When walled garden is enabled, ETP Client is configured as the local web proxy on the user’s device. As a result, the Overwrite Device Proxy setting is automatically changed to Yes.

To enable walled garden:

  1. In the Threat Protection menu of Enterprise Center, select Policies > Policies.

  2. Click the policy that you want, and select the Settings tab.

  3. Navigate to the ETP Client settings.

  4. Enable Walled Garden Exceptions.

  5. Click Save. If you want to save and deploy the policy update, click Save and Deploy.

Next steps
If you have not deployed the policy, deploy it to the ETP network. For instructions, see Deploy configuration changes.

Configure walled garden exceptions

You can configure the domains and IP addresses that you want to exempt from a walled garden configuration in ETP Client. When walled garden is enabled in a policy and ETP Client is in an unprotected state, these domains and IP addresses are allowed.

To configure walled garden exceptions:

  1. In the Threat Protection menu of Enterprise Center, select Locations > Network Configuration.

  2. In the Walled Garden Exception section, enter the domains, DNS suffixes, and IP addresses of the traffic you want to exempt from a walled garden configuration.

  3. Click Save. To save and deploy these settings, click Save and Deploy.

Next steps


Did this page help you?