
UTM 9.5 WEB profile

Dear Team,

I have some issues assigning a web usage policy to my network. What I want to do is pretty simple, but I'm still unable to figure it out. The following is my scenario.

 

01. I have a domain at my network.

02. I have a group in my domain called "internet users" which has internet access.

 

What I want to do is:

I want to block internet access for everyone except the people in the "internet users" group. Users should not be asked for any authentication, and the UTM should check whether they are in the "internet users" group and allow access accordingly.

What I have done is block everything on the base policy (please refer to the A1 image). Then I created a web profile called "internet _allow" and configured it accordingly (please refer to images 1, 2, 3).

Still, this is not working for me as expected. Kindly advise me where I have misconfigured.

 

Thanks in advance for all the replies.

 

Regards

 s



This thread was automatically locked due to age.
  • The system goes through Web Profiles in order, top to bottom, and finds the first profile with a matching Allowed Network.  It then uses that profile.  The profile in "Web Filtering" is the base (lowest priority) profile - you can see that as the bottom row in the Web Filter Policies page.
     
    It makes no sense to have two different Web Filter Profiles with the same Allowed Networks.  The lower priority profile will never get used.
     

    In the highest level profile, set the Default authentication to AD SSO.  Do not turn on block on failure.
     
    Inside that profile, add a policy just like you did.
     
    Inside that profile, the Base Policy is what is used when nothing else matches - in your case when the user did not match.  Set the filter action to the default content filter block option.
     
    Test.
     
    Users that successfully authenticate with AD Single Sign On should hit your filter action deny.  Users that fail the SSO should be blocked as the last action.
     
    Now alternatively turn on the block on failure.  Now watch what happens when the AD SSO fails.
     
    Decide which blocking behavior you like better.
     
     
    If it doesn't work, please describe what it is doing.  Your first message "not working for me as expected" does not give us much information to work with.
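
An added example, not part of the reply above and not Sophos code: a small Python model of the first-match rule the reply describes, used to audit an ordered profile list for profiles that can never be selected because higher-priority Allowed Networks already cover theirs. The profile names and networks are constructed, and the list-of-tuples layout is an assumption for illustration, not a UTM export format.

```python
import ipaddress

# Constructed sample: (profile name, Allowed Networks), listed top to bottom.
# The last row stands in for the base (lowest priority) profile.
PROFILES = [
    ("top", ["10.0.0.0/25", "10.0.0.128/25"]),
    ("duplicate", ["10.0.0.0/24"]),
    ("base", ["10.0.0.0/24", "10.0.1.0/24"]),
]


def _nets(cidrs):
    return [ipaddress.ip_network(c) for c in cidrs]


def select_profile(profiles, client_ip):
    """First profile, top to bottom, whose Allowed Networks contain the client."""
    ip = ipaddress.ip_address(client_ip)
    for name, cidrs in profiles:
        if any(ip in net for net in _nets(cidrs)):
            return name
    return None  # no profile matches this source address


def shadowed_profiles(profiles):
    """Names of profiles whose every Allowed Network is already covered above."""
    higher, shadowed = [], []
    for name, cidrs in profiles:
        nets = _nets(cidrs)

        def covered(net):
            # Merge the higher-priority networks first, so that two adjacent
            # /25s are recognised as covering the /24 they add up to.
            same = [h for h in higher if h.version == net.version]
            merged = ipaddress.collapse_addresses(same)
            return any(net.subnet_of(m) for m in merged)

        if nets and all(covered(n) for n in nets):
            shadowed.append(name)
        higher.extend(nets)
    return shadowed


if __name__ == "__main__":
    print("never used:", shadowed_profiles(PROFILES))
    for ip in ("10.0.0.200", "10.0.1.5", "172.16.0.1"):
        print(ip, "->", select_profile(PROFILES, ip))
```

In this sample "base" is still reachable, but only for 10.0.1.0/24; clients in 10.0.0.0/24 always land in "top", so a block or allow rule placed in a lower profile for that network has no effect.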