Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 5 subscribers
  • Views 2629 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Simple why to block a single website for a host or network group

DanEbdon

So there's a particular website I don't want a pair of hosts (which I've grouped into a network group) to access.

I've bodged a solution by creating a new web filter profile which applies to that network group and to which a policy applies and to which a filter action applies.

But goodness - that seemed a long winded way to go about it? In addition, and this is really the crux of the matter because I didn't mind it being long-winded - I had to clone my existing base policy and then modify it to also block this particular website, because if I didn't, the new policy which ONLY blocked this particular website meant that the base policy did not apply!

I'm sure I must be missing something obvious.

At the moment things are working how I want them to...but I think I've got a lot of redundant policy because of how I've done it.

Hope my explanation above makes sense.



This thread was automatically locked due to age.
Parents
  • 0

    Hi Dane,

    Actually, you did everything correctly...:), but I would not recommend using Base policy for allowing access. I always configure Base policy with "Default content filter block action" and then create new policies from the scratch with greater priority than the base one.

    New web profile that you created have greater priority than the default one for defined IP addresses in Network Group, that part is OK.
    But...UTM matches the first policy that satisfied all of the criteria and applies it to the user access, not evaluating any policies under it.

Reply
  • 0

    Hi Dane,

    Actually, you did everything correctly...:), but I would not recommend using Base policy for allowing access. I always configure Base policy with "Default content filter block action" and then create new policies from the scratch with greater priority than the base one.

    New web profile that you created have greater priority than the default one for defined IP addresses in Network Group, that part is OK.
    But...UTM matches the first policy that satisfied all of the criteria and applies it to the user access, not evaluating any policies under it.

Children
No Data