10-20-2016 05:39 AM - edited 03-08-2019 05:40 PM
Hi Guys, I'm trying to create a policy set, but am trying to do the following (as an example):
1) All users have access to social networking during lunch time
2) Some users, defined by an AD group, always have access to social networking
3) Some users, defined by an AD group, are banned from social networking
I am a bit confused about how I can implement this, since we have many of these kinds of instances that must be created.
Thanks!
Jacques
10-21-2016 07:59 AM
Jacques,
The best way to think about setting your policies up is to think of them like an ACL. Therefore for your setup, you would need to structure the policy from most restrictive to non-restrictive.
Example:
-More specific rules
1) Policy to block AD group all the time
2) Policy to allow AD group all the time
3) Allow based on time
- Other general rules
10-29-2016 06:44 PM
If you are using WSA in proxy mode, you can achieve all 3 of them from its policy and time based profile configuration.
1) All users have access to social networking during lunch time
You can create a time based profile for lunch hours and non-lunch hours. Then in the policy and in the social networking category, apply the time based profile and set lunch hours to allow while non-lunch hours profile to block.
2) Some users, defined by an AD group, always have access to social networking
This is achiveable by enabling authentication in Identity then create access policy that using that identity and apply the AD group to the policy and allow social networking category.
3) Some users, defined by an AD group, are banned from social networking
This is achiveable by enabling authentication in Identity then create access policy that using that identity and apply the AD group to the policy and block social networking category.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide