Suresh_Kumar_K
Participant

Blocking non-Active Directory users from internet

Hi Team, 

We have configured AD user-based authentication to give internet access. As of now, the internet is being used by all the users (AD users and non-AD users).

We need to block internet for non-AD users.

What setting do we need on Check Point to do this?

regards

suri

0 Kudos
5 Replies
Kaspars_Zibarts
Authority

I would suggest using the Identity Awareness blade, but it's not just a tickbox that will magically separate AD vs non-AD users. You will have to configure it and set rules using access roles instead of IPs.

0 Kudos
Suresh_Kumar_K
Participant

Dear Kaspars, 

Thanks for the reply.

Can we know how to configure the set of rules to block non-AD users?

regards

suri 

0 Kudos
Kaspars_Zibarts
Authority

I'm afraid I can't guide you through the process here, as there are multiple options to choose from. So you will need to read up on the documentation first, make your design decisions and then implement it.

A good starting point is the Identity Awareness Administration Guide, part of the regular documentation bundle, depending on your SW version.

Then you may want to check

ATRG: Identity Awareness 

or just search User Center

0 Kudos
Maarten_Sjouw
Champion

Once you have Identity Awareness set up, you would create an allow rule in which you use an access role; this needs to be filled with the correct AD objects.

The next rule will be a drop for anything else.

Regards, Maarten
0 Kudos
Alessandro_Marr
Advisor

Use Identity Awareness as Kaspars suggested... Remember that if your users change OU in your AD many times, you could have problems, because access rules won't look in other OUs after they have been created.
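
The rule order described in the replies above (an allow rule that uses an access role, followed by a drop for everything else), together with the OU caveat from the last reply, as an added example that is not part of the thread. It is a simplified Python model of first-match evaluation, not Check Point code or its API; the IPs, users, DNs, group name and helper functions are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass(frozen=True)
class Identity:
    user: str
    dn: str              # distinguished name as it currently stands in AD
    groups: frozenset

# Constructed IP -> identity table, standing in for what an identity source
# would report to the gateway. 10.0.0.99 has no entry: a non-AD device.
SESSIONS = {
    "10.0.0.11": Identity("alice", "CN=alice,OU=Staff,DC=example,DC=test",
                          frozenset({"Internet-Users"})),
    "10.0.0.12": Identity("bob", "CN=bob,OU=Contractors,DC=example,DC=test",
                          frozenset({"Internet-Users"})),
}

Matcher = Callable[[Optional[Identity]], bool]

def role_by_ou(ou: str) -> Matcher:
    """Access role pinned to one OU (the case the last reply warns about)."""
    return lambda ident: ident is not None and f"OU={ou}," in ident.dn

def role_by_group(group: str) -> Matcher:
    """Access role keyed on group membership, independent of the user's OU."""
    return lambda ident: ident is not None and group in ident.groups

def any_source(_ident: Optional[Identity]) -> bool:
    return True

def build_rulebase(role: Matcher):
    # Order matters: the identity-based allow rule first, then the drop.
    return [("Internet for AD users", role, "accept"),
            ("Block everything else", any_source, "drop")]

def evaluate(rulebase, src_ip: str):
    """First-match evaluation: return (rule name, action) for a source IP."""
    ident = SESSIONS.get(src_ip)   # None when no AD identity is known
    for name, matcher, action in rulebase:
        if matcher(ident):
            return name, action
    return "implicit cleanup", "drop"

if __name__ == "__main__":
    for label, role in (("OU role", role_by_ou("Staff")),
                        ("group role", role_by_group("Internet-Users"))):
        for ip in ("10.0.0.11", "10.0.0.12", "10.0.0.99"):
            print(label, ip, evaluate(build_rulebase(role), ip))
```

In this model the unidentified source always falls through to the drop rule, while bob, who sits in a different OU, is allowed only by the group-keyed role.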