06-03-2016 10:27 AM
I am coming from Bluecoat and we have several rules that are 'Not' something. Example
Rule 1: Src:10.0.0.0 255.254.0.0 dst: bing.com action 'ALLOW'
Rule 2: Not Src:10.0.0.0 255.254.0.0 or 172.16.0.0 255.255.255.0 DST: google.com, yahoo.com action 'ALLOW'
06-08-2016 06:28 PM
in WSA, you can create a specific identify based on the src IP range and then create multiple access policies ALLOW or BLOCK for the specific destination by using the same Identity.
Hope it helps and please mark my reply as correct answer if it does.
06-09-2016 11:56 AM
I get that but, what I am trying to do is say:
not ip addresses x, y, z then -> custom url
The idea of this is that if you are not one of the three ip address then you can access the custom url
In bluecoat you can do a 'negate' on a group
Tom
06-09-2016 11:03 PM
There is no such "negate" feature in WSA. The design of WSA policy is only creating the policy for the specific one and the rest will hit the default one.
For your case, you may be able to create Identity1 for ip x,y,z and Access Policy1 only for Identity1. Then the requests from rest IP will match the default Identity and default Access Policy.
Hope it helps.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: