
deny Access to all



I've managed to add an Identity ldap and an Access Policy that requires authentication of Members in the group cn=internet.

If a User is NOT in group cn=internet but exists in LDAP, the User is getting Internet access. I need to disable Internet Access to all Users NOT in Group cn=internet.

Trace is: DETAILS: DefaultGroup "Access"

How do I disable Access for the DefaultGroup? I can't find a DefaultGroup anywhere.

Thank You



Ken Stieers

Go to the Global Policy in Web Security Manager > Access Policies and set it to block everything, then above that create a policy for group cn=Internet that allows internet users to go wherever they're allowed...

Edit: That will cause a little havoc with stuff that doesn't usually authenticate (Outlook, Windows Activation stuff, etc.), so plan for that...

This is a change from Bluecoat to Ironport, we already have the authentication Stuff configured.

Access Group noAuth and added the CustomURL's. There's a little cosmetic issue. There is an Error Message Proxy_Auth_Required. I'd like the user to see that instead of something like 'Your request has been blocked by Company Rules'.

Hmm, I see what you mean...

I think you'll need something like this:

In Access Policies:

non auth agents (Outlook/Windows activation, etc...)  --> allowed      

authed users in cn=Internet group --> allowed

authed users not in group --> blocked                               

Global policy --> everything blocked                                  

Go to Network/Authentication and set "Action if Authentication Service Unavailable" to Permit

Go to Web Security Manager/Identities, and in the Global Identity Policy, turn on Guest Privileges.
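
A simplified first-match model of the policy ordering in the reply above, added here as an illustration and not taken from the thread or from the product. It shows why an LDAP user outside cn=internet falls through to the global policy in the original setup, and what the proposed order does instead; the user names, user-agent strings and the top-down first-match evaluation are assumptions.

```python
"""Constructed model of ordered access policies; not appliance configuration."""
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass(frozen=True)
class Request:
    user: Optional[str]                 # None = client did not authenticate
    groups: frozenset = frozenset()
    user_agent: str = ""

@dataclass(frozen=True)
class Policy:
    name: str
    matches: Callable[[Request], bool]
    action: str                         # "allow" or "block"

# Constructed sample prefixes for clients that cannot answer a proxy auth challenge.
NOAUTH_AGENTS = ("Microsoft Office", "Windows-Update-Agent")

def is_noauth_agent(r): return r.user is None and r.user_agent.startswith(NOAUTH_AGENTS)
def in_internet(r): return r.user is not None and "cn=internet" in r.groups
def authed(r): return r.user is not None

def evaluate(policies, request):
    """Return (policy name, action) of the first policy that matches, top-down."""
    for p in policies:
        if p.matches(request):
            return p.name, p.action
    raise ValueError("policy list must end with a catch-all global policy")

# Setup from the question: group policy on top, global policy still allowing.
ORIGINAL = [
    Policy("cn=internet", in_internet, "allow"),
    Policy("global", lambda r: True, "allow"),
]
# Ordering proposed in the last reply, ending in a default-deny global policy.
PROPOSED = [
    Policy("noAuth agents", is_noauth_agent, "allow"),
    Policy("cn=internet", in_internet, "allow"),
    Policy("authed, not in group", authed, "block"),
    Policy("global", lambda r: True, "block"),
]

# Constructed sample requests.
alice = Request("alice", frozenset({"cn=internet"}))
bob = Request("bob", frozenset({"cn=staff"}))        # in LDAP, not in cn=internet
outlook = Request(None, user_agent="Microsoft Office/16.0")
unknown = Request(None, user_agent="curl/8.0")
```

Running `evaluate(ORIGINAL, bob)` and `evaluate(PROPOSED, bob)` side by side shows the same user moving from the allowing global policy to an explicit block.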
