

Block URL group for all except authenticated users

Hello everyone,

New to the XG line, trying to block only a specific "URL group" for every user, while only the authenticated user group ("managers") can log in and access the blacklisted websites listed in the group.

Issue is that:

a) every website is blocked for non-authenticated users, not just our blacklisted few in the URL group.

b) when user authenticates then they are allowed to view ONLY blacklisted websites and nothing else.

 

---- our top firewall rule ---

Rule
Apply "Allow All" app filter, "Block Blacklisted Websites" web filter, for any user, when in "LAN" zone, and coming from any network

Source & schedule
LAN
Source networks and devices : Any
During scheduled time : All the time

Destination & services
WAN
Destination networks : Any
Services : Any

Identity
Any

---

 

-- our web policy Block Blacklisted Websites --

 

What is the best approach here?

Thank you!



  • Hi,

    I would do it differently. You have created a unique policy with both rules. One rule with authentication and the other without. In my experience, policies should not mix authenticated users and non-authenticated users. Even policies for authenticated users in AD, for example, should not at least mix different groups. So I would create a firewall rule (first) for the authenticated users and apply the policy also from the authenticated users. After or last in the order I would create the firewall rule for the unauthenticated users by applying the corresponding policy.
    In my experience too, the rules applied to the unauthenticated users must be either the first or last in the list.

    Hope this helps! Good luck.

    [:)]

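The ordering advice in the answer above, as an added first-match model that is not part of the thread and not Sophos code: rule names, the "managers" group, the "Allow All" policy name and the URL group contents are assumed. It contrasts one rule for any user carrying the blocking web policy (as in the question) with the answer's layout of an authenticated-group rule first and an unauthenticated-user rule last.

```python
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# Constructed URL group standing in for the poster's blacklist (assumed hostnames).
BLACKLISTED_URL_GROUP = {"gambling.example", "social.example"}


@dataclass(frozen=True)
class Rule:
    name: str
    identity: str          # "any", "unauthenticated", or a user-group name
    web_policy: str        # name of the web policy attached to the rule


def rule_matches(rule: Rule, groups: Optional[Set[str]]) -> bool:
    """groups is None for an unauthenticated user, else the user's group set."""
    if rule.identity == "any":
        return True
    if rule.identity == "unauthenticated":
        return groups is None
    return groups is not None and rule.identity in groups


def web_policy_decision(policy: str, host: str) -> str:
    """Only the blocking policy denies anything, and only for hosts in the URL group."""
    if policy == "Block Blacklisted Websites" and host in BLACKLISTED_URL_GROUP:
        return "block"
    return "allow"


def evaluate(rules: List[Rule], groups: Optional[Set[str]], host: str) -> Tuple[str, str]:
    """First-match evaluation: the first rule whose identity matches decides the verdict."""
    for rule in rules:
        if rule_matches(rule, groups):
            return rule.name, web_policy_decision(rule.web_policy, host)
    return "implicit-deny", "drop"   # nothing matched: traffic is dropped


# The poster's layout: a single rule for any user carrying the blocking policy,
# so an authenticated manager hits it first and is blocked like everyone else.
MIXED = [Rule("Block Blacklisted Websites", "any", "Block Blacklisted Websites")]

# The answer's layout: authenticated group first, unauthenticated users last.
SPLIT = [
    Rule("Managers - Allow All", "managers", "Allow All"),
    Rule("Unauthenticated - Block Blacklist", "unauthenticated", "Block Blacklisted Websites"),
]

if __name__ == "__main__":
    for rules in (MIXED, SPLIT):
        print(evaluate(rules, {"managers"}, "gambling.example"),
              evaluate(rules, None, "gambling.example"),
              evaluate(rules, None, "news.example"))
```

An authenticated user in a group other than "managers" matches neither rule in the split layout and falls to the implicit deny, so each group that should get web access needs its own rule above the unauthenticated one.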