Control access to websites
Many organizations need to control access to certain categories, and often the access varies according to user group.
For example, you may want to allow some users to access websites blocked by the default workplace policy.
Objectives
When you complete this unit, you'll know how to do the following:
- Create a group of users for whom you want to allow access to categories
- Add a policy that permits access to categories
- Create a firewall rule for the policy and specify users
- Position the firewall rule
Create a user group
To allow a group to access some categories blocked by the default workplace policy, create a group that allows unlimited access.
- Go to Authentication > Groups and click Add.
- Specify the settings.

  | Setting | Value |
  | --- | --- |
  | Group name | Research |
  | Surfing quota | Unlimited internet access |
  | Access time | Allowed all the time |

- Click Save.
Create a policy that allows access to categories
Create a policy that allows access to some categories blocked by the default workplace policy.
- Go to Web > Policies and click Add policy.
- Specify the settings.

  | Setting | Value |
  | --- | --- |
  | Name | Web categories |

- Click Add rule. The firewall creates a default rule at the top of the rule hierarchy that blocks all HTTP traffic for all users. By default, the rule is turned off.
- Move the pointer over the Activities field, click the activity (All web traffic), and click Add new item.
- Clear the All web traffic check box.
- Click Show only and select Web category.
- Select the categories and click Apply selected items.
- Move the pointer over the Action field, click the Action indicator, and select Allow HTTP.
- Click the Status switch to turn the rule on.
- Click Save.
Create a firewall rule and apply the policy
Your configuration contains a rule that blocks access for all users for the Default workplace policy. However, you want to add a rule that allows some users to access some categories that are blocked by the default policy. You create a rule for those users and move it to the top of the list.
- Go to Rules and policies > Firewall rules. Select IPv4 or IPv6 and select Add firewall rule.
- Specify the settings.

  | Setting | Value |
  | --- | --- |
  | Rule name | Web research group |
  | Source zones | Any |
  | Destination zones | Any |

- Scroll down to the Identity section and click Add new item.
- Clear the Any check box, select Research, and click Apply selected items.
- Scroll down to the Advanced section and select the Web categories policy.
- Click Save. The firewall adds the rule below the rule for the Default workplace policy. Because you want the firewall to process the rule for the web research group first, you move it to the top of the hierarchy.
- Click the drag handle of the rule for the web research group and drag the rule to the top of the list.
The web research group rule will be processed first. Any traffic that matches the rule criteria (user group and categories) will be permitted. Traffic that matches users and categories in the default rule will be blocked.
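The effect of rule position described above, as an added example that is not Sophos code or part of the original page: a simplified first-match model that uses the page's own summary of the rule criteria (user group and categories). The category names and the `decide`, `covers` and `shadowed` helpers are assumptions made for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass

ANY = None  # wildcard: all users, or all web categories

@dataclass(frozen=True)
class Rule:
    name: str
    groups: frozenset | None      # user groups the rule applies to
    categories: frozenset | None  # web categories the rule covers
    action: str                   # "allow" or "block"

    def matches(self, group: str, category: str) -> bool:
        return ((self.groups is ANY or group in self.groups) and
                (self.categories is ANY or category in self.categories))

def decide(rules, group, category):
    """Walk the list top to bottom; the first matching rule decides."""
    for rule in rules:
        if rule.matches(group, category):
            return rule.action, rule.name
    return "no-match", None

def covers(outer, inner):
    """True when everything `inner` matches is also matched by `outer`."""
    return outer is ANY or (inner is not ANY and inner <= outer)

def shadowed(rules):
    """Names of rules that never fire because an earlier rule covers them."""
    return [rule.name for i, rule in enumerate(rules)
            if any(covers(p.groups, rule.groups) and
                   covers(p.categories, rule.categories) for p in rules[:i])]

# Constructed sample data: the category names are not taken from the page.
BLOCKED = frozenset({"Social Networking", "Video Hosting"})
default_rule = Rule("Default workplace policy", ANY, BLOCKED, "block")
research_rule = Rule("Web research group", frozenset({"Research"}),
                     frozenset({"Social Networking"}), "allow")

AS_SAVED = [default_rule, research_rule]   # new rule added below the default
REORDERED = [research_rule, default_rule]  # after dragging it to the top

if __name__ == "__main__":
    for label, rules in (("as saved", AS_SAVED), ("reordered", REORDERED)):
        print(label, decide(rules, "Research", "Social Networking"),
              "shadowed:", shadowed(rules))
```

Running the shadow check after a rule change flags a new rule that was saved below a broader one and therefore never takes effect.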