Controlling access to websites

Many organizations need to control access to certain categories, and often the access varies according to user group. For example, you may wish to allow some users to access websites that are blocked by the default workplace policy.

Objectives

When you complete this unit, you’ll know how to do the following:
  • Create a group of users for whom you want to allow access to categories
  • Add a policy that permits access to categories
  • Create a firewall rule for the policy and specify users
  • Position the firewall rule

Create a user group

You want to allow a group to be able to access some categories that are blocked by the default workplace policy. You create a group that allows unlimited access.

  1. Go to Authentication > Groups and click Add.
  2. Specify the settings.
    OptionDescription
    Group name Research
    Surfing quota Unlimited internet access
    Access time Allowed all the time
  3. Click Save.

Create a policy that allows access to categories

You create a policy that allows access to some categories that are blocked by the default workplace policy.

  1. Go to Web > Policies and click Add policy.
  2. Specify the settings.
    OptionDescription
    Name Web categories
  3. Click Add rule.
    The firewall creates a default rule at the top of the rule hierarchy that blocks all HTTP traffic for all users. The rule is off.
  4. Move the pointer over the Activities field, click the activity (All web traffic), and then click Add new item.
  5. Clear the All web traffic check box.
  6. Click Show only and select Web category.
  7. Select categories and Apply selected items.
  8. Move the pointer over the Action field, click the Action indicator, and select Allow HTTP.
  9. Click the Status switch to turn the rule on.
  10. Click Save.

Create a firewall rule and apply the policy

Your configuration contains a rule that blocks access for all users for the Default workplace policy. However, you want to add a rule that allows some users to access some categories that are blocked by the default policy. You create a rule for those users and move it to the top of the list.

  1. Go to Rules and policies > Firewall rules. Select IPv4 or IPv6 and select Add firewall rule.
  2. Specify the settings.
    OptionDescription
    Rule name Web research group
    Source zones Any
    Destination zones Any
  3. Scroll down to the Identity section and click Add new item.
  4. Clear the Any check box, select Research, and click Apply selected items.
  5. Scroll down to the Advanced section and select the Web categories policy.
  6. Click Save.
    The firewall adds the rule below the rule for the Default workplace policy. Because you want the firewall to process the rule for the web research group first, you move it to the top of the hierarchy.
  7. Click the drag handle of the rule for the web research group and drag the rule to the top of the list.
    The web research group rule will be processed first. Any traffic that matches the rule criteria (user group and categories) will be permitted. Traffic that matches users and categories in the default rule will be blocked.