This article outlines the process involved with configuring the web filtering for the first time use.


  • Cloud Account with Web Filtering enabled

Configuration Steps:

  • Login to your Cloud Web Security Portal.
  • Navigate to Filter Management > Web Filter > Setup.
  • Add your public IP address(es) under the Source IP Addresses section and save settings.



  • The public IP address(es) are the outside IP address(es) of your proxy server, firewall, or edge router where Network Address Translation (NAT) takes place. This step is not needed when using endpoint for web filtering as it performs user identification; however, it is mandatory to add all address(es) when you are redirecting (Port Forwarding) web traffic from your NAT device to the Cloud Web Security Clusters.

  • Once the IP address(es) have been added and saved, they will stay in Verified - Pending status as shown below. Please wait for the status to change to Verified - Yes before start forwarding your web traffic.

  • While waiting for IP address(es) to be verified, navigate to User Management > Users and add users manually followed by assigning them to User Groups.  For instructions on how to mass import users from your directory server, click here.



  • If you are not enforcing NTLM authentication, you can alternatively add your public IP addresses to policies in to have a global policy experience where one policy fits all users behind the NAT'd IP address.

  • Adding users manually or importing them from your directory server is only needed if you wish you enforce NTLM.

  • Once the users have been successfully added or imported, navigate to Filter Management > Web Filter > Policy to create one or more policies by assigning user groups to their relative policy.  For instructions on assigning groups to a policy, click here. After creating policies and assigning groups to the policies, save settings.
  • To filter users using their internal or private IP addresses, navigate to Filter Management > Web Filter > Policy and add IP address(es) in the form of single IP or a subnet, add, then drag & drop into the appropriate policy, and save policy as shown in the following:

  • Click Edit Policy button to edit the desired policy in order to configure policy elements.  Save settings.

  • Start forwarding traffic from your firewall. router, or proxy server to the iSheriff load balancers (proxy.online.isheriff.com:8082) along with necessary header values such as X-Forwarded-User, X-Client-IP, and X-CID-HASH if and where applicable.

Please contact iSheriff Technical Support Team for further assistance.