
NOT Command in Identity Policy

tmkgm2013
Level 1

I am coming from Bluecoat and we have several rules that are 'Not' something. Example:

Rule 1: Src:10.0.0.0 255.254.0.0 dst: bing.com  action 'ALLOW'

Rule 2: Not Src:10.0.0.0 255.254.0.0 or 172.16.0.0 255.255.255.0 DST: google.com, yahoo.com  action 'ALLOW'

3 Replies

Tao Yang
Cisco Employee

In WSA, you can create a specific identity based on the src IP range and then create multiple access policies, ALLOW or BLOCK, for the specific destination by using the same Identity.

Hope it helps and please mark my reply as correct answer if it does.

I get that, but what I am trying to do is say:

not ip addresses x, y, z  then -> custom url

The idea of this is that if you are not one of the three IP addresses then you can access the custom URL.

In Bluecoat you can do a 'negate' on a group.

Tom

There is no such "negate" feature in WSA. The design of WSA policy is to create the policy only for the specific one, and the rest will hit the default one.

For your case, you may be able to create Identity1 for IP x, y, z and Access Policy1 only for Identity1. Then the requests from the rest of the IPs will match the default Identity and default Access Policy.

Hope it helps.
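The layout suggested in the last reply, checked against Rule 2 from the question. This is an added example, not part of any reply in the thread and not WSA code: it is a simplified model of first-match identity selection, and the BLOCK action on Identity1, the sample client addresses, and all function names are assumptions.

```python
import ipaddress

# Sources named in Rule 2 of the question (netmask notation kept as posted).
EXCLUDED = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/255.254.0.0", "172.16.0.0/255.255.255.0")]
CUSTOM_URLS = {"google.com", "yahoo.com"}   # the custom URL category

def negated_rule_allows(src, host):
    """Rule 2 as written: NOT src-in-EXCLUDED, dst in list -> ALLOW."""
    ip = ipaddress.ip_address(src)
    return host in CUSTOM_URLS and not any(ip in net for net in EXCLUDED)

# Ordered identities, first match wins; the last entry is the catch-all default.
IDENTITIES = [
    ("Identity1", EXCLUDED),
    ("Default", [ipaddress.ip_network("0.0.0.0/0")]),
]
# Action each policy takes on the custom URL category (assumed for this example).
POLICY_ACTION = {"Identity1": "BLOCK", "Default": "ALLOW"}

def match_identity(src):
    ip = ipaddress.ip_address(src)
    for name, nets in IDENTITIES:
        if any(ip in net for net in nets):
            return name
    raise ValueError("no identity matched")  # unreachable with a catch-all

def first_match_allows(src, host):
    """Decision for the custom category under the Identity1 + default layout."""
    if host not in CUSTOM_URLS:
        return False   # outside the category; other policy rows decide
    return POLICY_ACTION[match_identity(src)] == "ALLOW"

# Constructed sample clients, including addresses on both sides of each subnet edge.
SAMPLES = ["10.0.0.5", "10.1.255.254", "10.2.0.1",
           "172.16.0.9", "172.16.1.9", "192.168.1.1"]

def mismatches():
    """Inputs where the negated rule and the first-match layout disagree."""
    return [(s, h) for s in SAMPLES for h in ("google.com", "bing.com")
            if negated_rule_allows(s, h) != first_match_allows(s, h)]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, match_identity(s), first_match_allows(s, "google.com"))
```

The equivalence holds only while Identity1 sits above the default identity; an identity placed higher that also covers those subnets would change which policy the excluded clients hit.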
