Several Policies to build up Web Protection Rules

Hi all,

I have a customer that has the following requirement:

- for all users there is a rule that denies several URLs and Categories

- but: there are 4 groups of users that are allowed to use URLs out of these categories, so in my example:

  1. Internet Access Level 1 (All Access)
  2. Internet Access Level 2 (most pages)
  3. Internet Access Level 3 (banking, amazon etc)
  4. Internet Access Level 4 (Default Users -> no AD group assigned)

My idea was to create those rules and just do some "allow url lists" on Level 2/3 and the deny on Level 4. But if the user is a member of the AD group for Level 3, the rule for any users simply does not work.

So - do I have to create the same denies on all web filter policies, or can I have a "global" deny rule and allow only some URLs for other users?

Thanks and BR



  • In XGv16, this scenario can be solved with one Webfilter Policy containing different Rules, something that is currently not supported by XGv15. If I remember correctly, you have to create multiple Firewall Rules, each with a different Webfilter Policy applied, which makes it somewhat complicated. So sharing your config wouldn't be a bad idea for that.

  • Hi, thanks for your replies. Yeah, I assume it just does not work like I want it to.

    So, those are my rules. It starts at the top with the "allow all" and ends with the "deny" rule. In the middle (e.g. layer_4) there are some domains on the whitelist that are blacklisted further down. But the other blacklists from "deny" do not work... so this is by design?

    Thanks :)
