2 Rules for the same IP Address

Question

Hi All, 
 
 Currently we are trying to figure out a way to perform the following 
 Aim: Allow Certain Users to Access Google Drive and Whatsapp Web based on their IP 
 Example: 
 1st IP : 10.10.10.10 - Have access to google Drive download only 
 2nd IP : 10.10.10.20 - Have access to Whatsapp Web only 
 3rd IP :10.10.10.30 - Have access to Both 
 4th IP : 10.10.10.40 - No access to Both 
 
 Problem 
 1. Cannot figure out a way to only allow google drive upload. Currently both Upload and Download is enabled 
 2. Is it possible that 1 IP can be used for 2 rules? the whatsapp web rule and Google Drive Rule. Currently if Whatsapp web rule is above, the Google Drive Rule is ignored.

Tri-e SDN BHD · Answer

Thank you LuCar for your response. 
 
 I managed to figure out a way to solve the issue. 
 
 I set one of the rules to only trigger when connecting to a FQDN host (*.drive.google.com) 
 
 This leaves the Whatsapp rule to be triggered only for whatsapp traffic.

LuCar Toni · Answer

Firewall is using a "First match" approach. So if a rule matches for LAN to WAN for example, those policies will be used. Some apps can be controlled by Web filter. So you could try to resolve it like this: 
 Do a LAN to WAN Rule. Attach a Proxy to this LAN to WAN. Create clientless users for your IPs. Attach Clientless users to those Apps in Webfilter and allow it. Then create a ANY block below of this.

2 Rules for the same IP Address

Top Replies