
How can I create a user-based application policy?

Hello,

 

I am trying to create a user or user-group based application policy. I can easily create a web policy with all user groups inside it, but I have to do the same thing for the application policy?

I need to define different firewall rules that include different web and application policies. Web policies are easy, but I cannot find a solution for application policies.

 

Thank you



This thread was automatically locked due to age.
  • Hi Ozgur,

    So, as part of your AD you can disable people's access to VPNs via a GPO.

    Ian

  • VPN or P2P is just an example :)

    Why do I have to use a single application policy for all clients?

    I might want to allow some users to allow Facebook games or block them. I should be able to do that with application policies?

    As you can see in the image below, it is a drop for users outside the defined group, and the next firewall rule does not work.

  • Hi,

    I think you misunderstand. You create groups within your AD and then create the groups in the XG where people are allowed to connect using STAS functions. (You would have to read the KBA and search the forums, I am not a STAS user). You can create your own application policies and assign them to a firewall rule/s.

    I have an application policy on my XG, for VoIP.

    You will need to change your rules to use HTTPS scanning as well.

    Ian

  • I would like to explain this with an example

    I created 3 user groups, 

    Group A, Group B, Group C

    also created 3 application policies, 

    AppPolicy1, AppPolicy2, AppPolicy3 

    Ok,

    Group A connects to WAN with AppPolicy1,

    Group B connects to WAN with AppPolicy3 (for example)

    Group C connects to WAN with AppPolicy2

    So, I should create 3 firewall rules for this operation, but firewall rules trigger only on network IPs or hosts and do not depend on user groups.

    Was I able to explain my problem?

     

  • As mentioned in my earlier post, you need to set up all 3 of those groups in XG as primary groups and fill them with users. Then you are able to perform your actions, because you set up 3 user-based policies and attach those 3 app policies to these 3 rules.

    It will work.

    Same for IPS, VPN, etc.

    But you cannot simply use the same mechanism as the HTTP proxy. The proxy works in a different way, so it can perform a lookup to get other groups out of AD.

  • Thank you LuCar for chiming in to assist.

    Ian