Harmesh_Yadav
Collaborator

Need assistance for user-based and IP-based Internet policy

Dear team,

We have an environment like below:

OS R81, MGMT in a VM, and the GW is a 3100.

Hub-and-spoke topology. The branch location has a gateway and is connected to the HO MGMT over the Internet.

VPN is configured for internal communication in the hub-and-spoke topology.

I am creating a policy for the branch gateway; Internet is local.

This is an inline layer rule.

Base rule: Source Any - Destination Any - Service Any - Action Accept.

Find below the policy configuration, in order:

1. Destination allow policy for all: created a group of IP addresses and website addresses which should be allowed for internal operation, also bypassed through HTTPS inspection. Action: Allow.

2. Allowed O365 and the other recommended dynamic HTTPS inspection destinations, also added in the HTTPS inspection policy. Action: Allow.

3. AD server - Destination (Internet) - Any (Applications and Services) required services. Action: Allow.

4. Source is (Access Role) - Destination (Internet) - list of allowed categories (Government, Finance and Computers). Action: Allow.

5. Source is (Access Role full access) - Destination (Internet) - list of blocked categories for this group. Action: Block with message.

6. Source is (Access Role medium access) - Destination (Internet) - list of blocked categories for this group. Action: Block with message.

7. Source is (Access Role limited access) - Destination (Internet) - list of blocked categories for this group. Action: Block with message.

8. Source is (Access Role limited access) - Destination (Internet) - Any (Applications and Services). Action: Allow.

In the inline rule the default action is set to Allow.

Find below the requirements which need to be fulfilled:

1. User-based Internet access as per policy. AD Query is configured, single sign-on without any username/password page (I have already configured this).

2. Internet only allowed for those who are part of AD. If anyone (not part of AD) connects a cable to the LAN and tries to access the Internet, it should be blocked.

3. Need an IP-based policy for some machines which are part of the LAN only.

Seeking your help to achieve the given requirements.

Thank you in advance!!

Harmesh Yadav
PhoneBoy
Admin

I believe you can create an Access Role of "any recognized", which means it would only apply to machines identified by Active Directory.
You could use that as part of a top-level rule for a layer that more granularly defines who is allowed to access what on the Internet.
Your IP-based rules could go below or above that, but given the vagueness of that requirement, the right answer might be different.
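The following is an added example, not code from the thread or from Check Point: a small first-match model of an inline layer that shows why, with the posted layout, a LAN host with no AD identity still falls through to the layer's "accept" cleanup, and how a parent rule whose source is an "any recognized" access role (the reply's suggestion), placed under an IP-based exception rule and above a dropping cleanup, changes that outcome. The role names, user names, IP addresses and URL categories are assumptions made up for the demonstration; rule 4 of the post is modelled as an "any recognized" role.

```python
"""Toy first-match model of a rulebase with inline layers.

Added example for the thread above; not Check Point code. Role names,
category names, IP addresses and user names are assumptions made up
for the demonstration.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple, Union


@dataclass
class Conn:
    src_ip: str
    user: Optional[str]      # None: Identity Awareness has no AD user for this source
    category: str            # URL category of the Internet destination


@dataclass
class Layer:
    name: str
    rules: List["Rule"]
    cleanup: str             # action of the layer's implicit cleanup rule


@dataclass
class Rule:
    name: str
    action: Union[str, Layer]            # "accept", "drop", or an inline layer
    src_ips: frozenset = frozenset()     # empty: any source IP
    role: Optional[str] = None           # None: any; "any_recognized": any AD-identified user
    categories: frozenset = frozenset()  # empty: any category


# Assumed access-role membership, as Identity Awareness would learn it from AD.
ROLE_MEMBERS = {"full": {"alice"}, "medium": {"bob"}, "limited": {"carol"}}


def role_matches(role: Optional[str], conn: Conn) -> bool:
    if role is None:
        return True
    if conn.user is None:
        return False            # an unidentified source never matches any access role
    if role == "any_recognized":
        return True
    return conn.user in ROLE_MEMBERS.get(role, set())


def rule_matches(rule: Rule, conn: Conn) -> bool:
    return ((not rule.src_ips or conn.src_ip in rule.src_ips)
            and role_matches(rule.role, conn)
            and (not rule.categories or conn.category in rule.categories))


def decide(layer: Layer, conn: Conn) -> Tuple[str, str]:
    """Return (matching rule name, action) using first-match semantics."""
    for rule in layer.rules:
        if rule_matches(rule, conn):
            if isinstance(rule.action, Layer):
                return decide(rule.action, conn)   # descend into the inline layer
            return rule.name, rule.action
    return f"{layer.name}-cleanup", layer.cleanup


ALLOWED = frozenset({"government", "finance", "computers"})
BLOCKED = {
    "full": frozenset({"gambling"}),
    "medium": frozenset({"gambling", "social"}),
    "limited": frozenset({"gambling", "social", "streaming"}),
}

# Per-role category layer, modelled on rules 4-8 of the post.
# Its implicit cleanup is "accept", as in the post.
INTERNET_BY_ROLE = Layer("internet-by-role", [
    Rule("allow-categories", "accept", role="any_recognized", categories=ALLOWED),
    Rule("block-full", "drop", role="full", categories=BLOCKED["full"]),
    Rule("block-medium", "drop", role="medium", categories=BLOCKED["medium"]),
    Rule("block-limited", "drop", role="limited", categories=BLOCKED["limited"]),
    Rule("allow-identified", "accept", role="any_recognized"),
], cleanup="accept")

# As posted: a base rule of any/any/any hands every connection to the layer.
POSTED = Layer("top", [Rule("base", INTERNET_BY_ROLE)], cleanup="drop")

# With the reply's suggestion: IP-based exception first, then a parent rule
# whose source is the "any recognized" access role, and a dropping cleanup.
HARDENED = Layer("top", [
    Rule("lan-servers-by-ip", "accept", src_ips=frozenset({"10.10.0.50"})),
    Rule("identified-users", INTERNET_BY_ROLE, role="any_recognized"),
], cleanup="drop")


if __name__ == "__main__":
    samples = [                                 # constructed sample connections
        Conn("10.10.0.20", None, "news"),       # cable plugged in, no AD login
        Conn("10.10.0.50", None, "news"),       # LAN-only machine allowed by IP
        Conn("10.10.0.21", "bob", "social"),    # medium-access user, blocked category
        Conn("10.10.0.22", "carol", "finance"),
    ]
    for c in samples:
        print(c.src_ip, c.user, c.category,
              "posted:", decide(POSTED, c), "hardened:", decide(HARDENED, c))
```

The unidentified host on 10.10.0.20 is accepted by the posted layout because none of the role-based rules match it and the layer's cleanup is "accept"; under the hardened layout it never enters the inline layer and hits the top layer's drop, while the LAN-only machine on 10.10.0.50 is still allowed by the IP-based rule above the gate.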
