
Blocking Non active directory user from internet

Hi Team, 

We have configured AD user-based authentication to give internet access. As of now, the internet is being used by all users (AD users and non-AD users).

We need to block internet for non-AD users.

What settings do we need to configure for this on Check Point?

regards

suri

0 Kudos
5 Replies

Re: Blocking Non active directory user from internet

I would suggest using the Identity Awareness blade - but it's not just a tickbox that will magically separate AD vs non-AD users. You will have to configure it and set rules using access roles instead of IPs.

0 Kudos

Re: Blocking Non active directory user from internet

Dear Kaspars, 

Thanks for the reply.

Can we know how to configure a set of rules to block non-AD users?

regards

suri 

0 Kudos

Re: Blocking Non active directory user from internet

I'm afraid I can't guide you through the process here as there are multiple options to choose from. So you will need to read up on the documentation first, make your design decisions and then implement it.

A good starting point is the Identity Awareness administration guide, part of the regular documentation bundle, depending on your SW version.

Then you may want to check

ATRG: Identity Awareness 

or just search User Center

0 Kudos

Re: Blocking Non active directory user from internet

Once you have Identity Awareness set up, you would create an allow rule in which you use an access role; this needs to be filled with the correct AD objects.

The next rule will be a drop for anything else.

Regards, Maarten
0 Kudos

Re: Blocking Non active directory user from internet

Use Identity Awareness, as Kaspars suggested. Remember that if your users change OU in your AD many times, you could have problems, because access rules won't look in other OUs after they've been created.