Jacques,

JACQUES DU PLESSIS · ‎10-20-2016

Hi Guys, I'm trying to create a policy set, but am trying to do the following (as an example):

1) All users have access to social networking during lunch time

2) Some users, defined by an AD group, always have access to social networking

3) Some users, defined by an AD group, are banned from social networking

I am a bit confused about how I can implement this, since we have many of these kinds of instances that must be created.

Thanks!

Jacques

Thomas Busch · ‎10-21-2016

Jacques,

The best way to think about setting your policies up is to think of them like an ACL. Therefore for your setup, you would need to structure the policy from most restrictive to non-restrictive.

Example:

-More specific rules

1) Policy to block AD group all the time

2) Policy to allow AD group all the time

3) Allow based on time

- Other general rules

Handy Putra · ‎10-29-2016

If you are using WSA in proxy mode, you can achieve all 3 of them from its policy and time based profile configuration.

1) All users have access to social networking during lunch time

You can create a time based profile for lunch hours and non-lunch hours. Then in the policy and in the social networking category, apply the time based profile and set lunch hours to allow while non-lunch hours profile to block.

2) Some users, defined by an AD group, always have access to social networking

This is achiveable by enabling authentication in Identity then create access policy that using that identity and apply the AD group to the policy and allow social networking category.

3) Some users, defined by an AD group, are banned from social networking

This is achiveable by enabling authentication in Identity then create access policy that using that identity and apply the AD group to the policy and block social networking category.

How do I create this policy?