Website unblock for some particular users

More Information;

 

I am running the policy I have neabled the policy in the firewall - Network rule 

Source Zone : Lan  

Source Network : Any

 

Destination & Services

Destination:WAN

Destination Networks: Any

 

Advanced

Web Policy : i have selected the created webpolicy

NAT & Routing - Enabled - Rewrite source address (Masquerading)

 

I have already one policy which running in lan network; This policy is basically it will block facebook & twitter;
Now the problem is my boss computer also coming under this lan network; so i have to release only for boss/boss computer i need to give facebook & twitter access; basical by boss should bybass this policy & some other users also.

 

Please any one help for this

 

 

I have already one policy which running in lan network; This policy is basically it will block facebook & twitter;
Now the problem is my boss computer also coming under this lan network; so i have to release only for boss/boss computer i need to give facebook & twitter access; basicaly my boss should bypass this policy & some other users also.

 

Here with I attached the firewall rule & polices kindly help me on this...

I have already one policy which running in lan network; This policy is basically it will block facebook & twitter;
Now the problem is my boss computer also coming under this lan network; so i have to release only for boss/boss computer i need to give facebook & twitter access; basicaly my boss should bypass this policy & some other users also.

 

Here with I attached the firewall rule & polices kindly help me on this...

There are multiple ways to solve this problem, easiest of which is to Clone a rule above and in the 'Source Networks and Devices' create a IP Host object with the IP Address that you want to bypass.

1. You will have to create a new Web policy as well which has 'Social Networking' etc. as Allowed and apply it to the cloned rule.

2. This method will only work if the device you want to bypass has a Static IP (If you are using DHCP, you can do a Static IP - MAC mapping on your DHCP server so the given machine always gets the same IP, but this method can be abused [If someone manually enters the same IP on their machine instead of DHCP])

3. The machine may connect via Ethernet / Wireless, so you must bypass both those IP's (Provided that they are Static)

4. Alternatively, you can also bypass on the basis of Mac address (provided you do not have a L3 switch between the XG and the device) but this method may not be a completely accurate approach.

Hi;

 

Thanks for your reply;

 

Is that any other method is there. Like group basic becuase my network is DHCP & AD user basic. So is that possible to create the groups Like All open; moderate Access group like that?

 

how to do that? if you step by step printscreen kindly share 

Inside the web policy the lan to wan you can specify different rules per each user/groups. Go to web menu > policy, expand the web policy and add the user inside the web policy. Use drag-n-drop to move the allowed users at the top. Regards

Step 2 of this kb:

As you can see different users with different behavior.