Thread Info
  • State Not Answered
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 1 reply
  • Subscribers 27 subscribers
  • Views 3216 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Add a web filtering exception for a group

Jason Parlevliet

Hi All

XG 230 running SFOS 16.05.5 MR-5

Have my AD groups set up eg marketing, sales, management, and so on.  I need to apply exemptions to certain users in each group, eg Bob in Marketing is allowed to use Facebook but nobody else is, Sue and Mary in Sales can use Youtube but nobody else can.  Ideally I would have a rule that says 'if it's in the youtube URL group and user is in YoutubeAllow, allow the request, otherwise keep processing other rules' however I can't find a way to put them in an exemption rule without having to duplicate the entire policy and creating a new Policy called eg Sales with Youtube - I'm guessing the problem is that each policy MUST have a default action.

Is this actually doable or do I have to do this unwieldy duplication and double handling?

Jase



This thread was automatically locked due to age.
Parents
  • 0

    I am also struggling on this.

    I tried cloning a rule above the block web policy, with a cloned web policy that was just toggled from deny to allow.

    It didn't work as expected.

     

    Rule 1

    Source: 4 MAC addresses (of PCs) [we've not found STAS to be stable enough to use in networks]

     Dest: WAN > Youtube IP ranges

    Web policy: Allow Youtube


    Rule 2

    Source: Any

    Dest: WAN > Youtube IP ranges

    Web policy: Block Youtube

     

    From one of the aforementioned MAC addresses in Rule 1, the result is the youtube site loads, but no videos play

    If I change Rule 1 to be Destination WAN > ANY, it works normally - but then that rule is too broad

Reply
  • 0

    I am also struggling on this.

    I tried cloning a rule above the block web policy, with a cloned web policy that was just toggled from deny to allow.

    It didn't work as expected.

     

    Rule 1

    Source: 4 MAC addresses (of PCs) [we've not found STAS to be stable enough to use in networks]

     Dest: WAN > Youtube IP ranges

    Web policy: Allow Youtube


    Rule 2

    Source: Any

    Dest: WAN > Youtube IP ranges

    Web policy: Block Youtube

     

    From one of the aforementioned MAC addresses in Rule 1, the result is the youtube site loads, but no videos play

    If I change Rule 1 to be Destination WAN > ANY, it works normally - but then that rule is too broad

Children
No Data