https://community.cisco.com/t5/web-security/restrict-non-domain-computers/m-p/941302#M232 <HTML><HEAD></HEAD><BODY><P>I believe you could put these PCs into a different subnet and create a policy based on the subnet.<BR /><BR />I think so anyway.<BR /><BR />-<BR />Jason</P></BODY></HTML> Wed, 14 May 2008 22:13:07 GMT jason.spangler 2008-05-14T22:13:07Z https://community.cisco.com/t5/web-security/restrict-non-domain-computers/m-p/941301#M231 <P>Does anyone know if it is possible to restrict access based on domain membership or an AD Group? <BR /><BR />The purpose is to restrict non-domain computers even if the client has a legitimate domain credential to use for authentication.</P> Wed, 14 May 2008 01:52:56 GMT https://community.cisco.com/t5/web-security/restrict-non-domain-computers/m-p/941301#M231 charles_ironport 2008-05-14T01:52:56Z https://community.cisco.com/t5/web-security/restrict-non-domain-computers/m-p/941302#M232 <HTML><HEAD></HEAD><BODY><P>I believe you could put these PCs into a different subnet and create a policy based on the subnet.<BR /><BR />I think so anyway.<BR /><BR />-<BR />Jason</P></BODY></HTML> Wed, 14 May 2008 22:13:07 GMT https://community.cisco.com/t5/web-security/restrict-non-domain-computers/m-p/941302#M232 jason.spangler 2008-05-14T22:13:07Z https://community.cisco.com/t5/web-security/restrict-non-domain-computers/m-p/941303#M233 <HTML><HEAD></HEAD><BODY><P>That is correct. The only way to restrict these computers would be to make a rule (above your auth group policies), that states the specific IPs / subnets are granted certain / no access.<BR /><BR />As long as the rule is above all your auth rules, it will trigger first and take precedence. Be sure to disable WBRS for this rule as well, since there is a potential for +6 sites to be allowed.</P></BODY></HTML> Wed, 14 May 2008 23:07:28 GMT https://community.cisco.com/t5/web-security/restrict-non-domain-computers/m-p/941303#M233 jowolfer 2008-05-14T23:07:28Z