Is it possible to block flows of traffic from users who are in the Domain Admins Active Directory group when they try to access the internet?
The firewall is currently identifying users and identifying them correctly as a member of the Domain Admins domain membership using STAS.
I set up up a LAN to WAN rule with "Match known users" ticked and "Domain Admins" added, but the problem is it treats ALL traffic from the server IP address from accessing the internet regardless of which user is on the server.
What I need is for the firewall to know which sessions are from which user, so it only blocks domain admins traffic and allows all other traffic for all other users.
Is it possible and if so how do you do it?
This thread was automatically locked due to age.