https://community.cisco.com/t5/web-security/predefined-url-category-filtering/m-p/1350115#M976 <HTML><HEAD></HEAD><BODY><P>First access policy wins.&nbsp; It's processed from top-down.</P><P></P><P>If you haven't, adjust your identity policies to match on authenticated users first, IPs second.</P><P></P><P>Create a new access policy, place it at the top of the list.&nbsp; </P><P></P><P>Change <EM>Identities</EM> to Select one or more...</P><P></P><P>Change <EM>Select Identity...</EM> to the Identity Policy that matches your AD authentication.&nbsp; Check the Selected G<EM>roups</EM> radio button.&nbsp; Click groups, add the group you want to allow access with.</P><P></P><P>Click the <EM>Advanced</EM> button at the bottom of the screen.&nbsp; Click <EM>URL Categories</EM>.&nbsp; Choose the URL category you want to allow access to.</P><P></P><P>After you click OK/Submit a couple times, you should be back at the list of access policies.&nbsp; Click the box inside <EM>URL Categories</EM> that matches the access policy you just created.</P><P></P><P>Check the appropriate mode for that URL category (monitor, warn, block, allow, time-based, etc).</P><P></P><P>Click ok.</P><P></P><P>Apply.&nbsp; Test.&nbsp; <SPAN __jive_emoticon_name="happy" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/images/emoticons/happy.gif"></SPAN></P></BODY></HTML> Mon, 08 Feb 2010 23:58:54 GMT nadamsgreektown 2010-02-08T23:58:54Z https://community.cisco.com/t5/web-security/predefined-url-category-filtering/m-p/1350114#M975 <P>We are running IronPort S160 and have created Identities and Access Policies.We have created AD groups and use those groups for validating against access policies.However for one of the department in a group we need to allow a URL Category that is currently blocked for everybody in that group.</P><P>How can we go about doing this?</P> Mon, 08 Feb 2010 16:53:19 GMT https://community.cisco.com/t5/web-security/predefined-url-category-filtering/m-p/1350114#M975 abhishek.1024 2010-02-08T16:53:19Z https://community.cisco.com/t5/web-security/predefined-url-category-filtering/m-p/1350115#M976 <HTML><HEAD></HEAD><BODY><P>First access policy wins.&nbsp; It's processed from top-down.</P><P></P><P>If you haven't, adjust your identity policies to match on authenticated users first, IPs second.</P><P></P><P>Create a new access policy, place it at the top of the list.&nbsp; </P><P></P><P>Change <EM>Identities</EM> to Select one or more...</P><P></P><P>Change <EM>Select Identity...</EM> to the Identity Policy that matches your AD authentication.&nbsp; Check the Selected G<EM>roups</EM> radio button.&nbsp; Click groups, add the group you want to allow access with.</P><P></P><P>Click the <EM>Advanced</EM> button at the bottom of the screen.&nbsp; Click <EM>URL Categories</EM>.&nbsp; Choose the URL category you want to allow access to.</P><P></P><P>After you click OK/Submit a couple times, you should be back at the list of access policies.&nbsp; Click the box inside <EM>URL Categories</EM> that matches the access policy you just created.</P><P></P><P>Check the appropriate mode for that URL category (monitor, warn, block, allow, time-based, etc).</P><P></P><P>Click ok.</P><P></P><P>Apply.&nbsp; Test.&nbsp; <SPAN __jive_emoticon_name="happy" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/images/emoticons/happy.gif"></SPAN></P></BODY></HTML> Mon, 08 Feb 2010 23:58:54 GMT https://community.cisco.com/t5/web-security/predefined-url-category-filtering/m-p/1350115#M976 nadamsgreektown 2010-02-08T23:58:54Z