02-10-2017 11:14 AM
Is it possible to develop rules within a WSA to block authenticated privileged users from accessing the Internet? A network engineer believes that the previous security team had this working in the past (over two years ago), but none of the team remain in the organization.
02-14-2017 03:34 AM
Hi Bernard,
The question here is: how do you define "Authenticated privileged users"?
In general, let us assume we are forcing authentication (thus you have an Authentication-based Identification Policy).
If you create a new AD group that will contain "all the authenticated users that you wish to block", you can easily make the access policy:
- Use authentication identity
- Match your AD group of "blocked.users"
- Access policy will in essence "Block all protocols" and show the EUN page
I hope this is what you had in mind. If not, please clarify what type of users you want to block, but in essence the logic would be the same.
Cheers,
Ana
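The AD side of the approach in the answer above, as an added example that is not part of the original post: a PowerShell script that creates the "blocked.users" group and keeps its membership in sync with privileged accounts, so the WSA access policy only has to match one group. Which groups count as "privileged" (`$PrivilegedGroups`) and the OU path are assumptions to replace with your own definition.

```powershell
# Added example: sync privileged accounts into the group the WSA policy matches.
# Requires the ActiveDirectory module (RSAT) and rights to manage the group.
Import-Module ActiveDirectory

$BlockGroup       = 'blocked.users'                     # group name from the answer
$GroupPath        = 'OU=Groups,DC=example,DC=com'       # placeholder OU (constructed)
$PrivilegedGroups = @('Domain Admins', 'Administrators') # assumption: your definition

# Create the block group once if it does not exist yet.
if (-not (Get-ADGroup -Filter "Name -eq '$BlockGroup'")) {
    New-ADGroup -Name $BlockGroup -SamAccountName $BlockGroup `
        -GroupScope Global -GroupCategory Security -Path $GroupPath
}

# Resolve nested membership so indirectly privileged users are included,
# and keep only user objects (drops computer accounts).
$wanted = foreach ($g in $PrivilegedGroups) {
    Get-ADGroupMember -Identity $g -Recursive |
        Where-Object objectClass -eq 'user'
}
$wanted  = @($wanted | Sort-Object -Property distinguishedName -Unique)
$current = @(Get-ADGroupMember -Identity $BlockGroup)

# Work out the difference between desired and actual membership.
$toAdd    = @($wanted  | Where-Object { $_.distinguishedName -notin $current.distinguishedName })
$toRemove = @($current | Where-Object { $_.distinguishedName -notin $wanted.distinguishedName })

if ($toAdd)    { Add-ADGroupMember    -Identity $BlockGroup -Members $toAdd }
if ($toRemove) { Remove-ADGroupMember -Identity $BlockGroup -Members $toRemove -Confirm:$false }

# Summary line for a scheduled-task log.
'{0} added, {1} removed, {2} total in {3}' -f `
    $toAdd.Count, $toRemove.Count, $wanted.Count, $BlockGroup
```

Run on a schedule, this keeps the group current as admin rights are granted or revoked; the WSA still needs the identification profile and the block-all access policy described in the answer.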