Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Longson_Ho1
Contributor

Setup a "Terms of Use" page for users when browsing internet

Dear mate,
is it possible to configure checkpoint to show/redirect a "Terms of Use" page to end users at the start of everyday (and timeout 24 hours) when user start browsing internet at office?

I am thinking about UserCheck, but UserCheck is designed to show when access specified web category/ application/ downloading virus.

What I want to do is showing a Terms of Uses Page to end user, require them to click "Agree/ Confirm" before they are access the internet.

Thank you!!

0 Kudos
7 Replies
Maarten_Sjouw
Champion
Champion

You are thinking in the right direction and no it was not only designed for the Block message.

The Action setting you are looking for is called Ask. Here you can show a specific piece of text (your policy) and then require them to click ok to be able to continue.

Regards, Maarten
0 Kudos
Longson_Ho1
Contributor

Hi Maarten,

Thank you for the insight.
To achieve my goal. I am thinking of setup an access control policy layer with 1 rule only matching web browsing with  the ask action.

Like this.

I am thinking of configuration like this.
But does it have any "smarter" way?

0 Kudos
Maarten_Sjouw
Champion
Champion

Personally I would not do it this way, I would use an inline layer where you make sure to set the different rules with the block and allow rules, replacing specific allow rules with the ask action.

That way you can exclude some networks/usergroups from this, it also allows you to prevent internal aaplications to be hit by the rule.

In other words you have more control over when and who will get the policy statement.

Regards, Maarten
0 Kudos
Daniel_Taney
Advisor

I think this is actually a great way to accomplish this! Its a great use case for policy layers and ensures the TOS rule won't get missed. The only thing I'd ask is whether you truly want this to be an *ANY* / *ANY* rule? You might find some unintended consequences and may want to consider tightening the Source to a group of LANs where your users reside. You might also want to consider making the Destination specific to the Internet. Otherwise, your users could get UserCheck pages while accessing Internal web services. (Unless you want that)

I may actually steal this idea Smiley Happy 

R80 CCSA / CCSE
0 Kudos
Maarten_Sjouw
Champion
Champion

That is also why I rpoposed to only do it inside the layer, as this way you also get the message before a block page.

Regards, Maarten
Daniel_Taney
Advisor

I wasn't thinking of it that way, but I agree!

R80 CCSA / CCSE
0 Kudos
Timothy_Hall
Legend Legend
Legend

If you have the Captive Portal function of Identity Awareness enabled, you can use "unregistered guest access" with a customized page that forces the user to accept Terms of Service and/or enter other voluntary information such as name and contact info as described here:

sk115052: How to allow unregistered guests access to the internet

--
Second Edition of my "Max Power" Firewall Book
Now Available at http://www.maxpowerfirewalls.com

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events