SonicWALL SonicWALL UTM Appliance manual

Page 19

allowed access through it. Matching traffic from the user or members of the user group will be given access, and matching traffic from anyone else will be denied access. For multiple user groups to be allowed access, create a single parent user group containing all of them as members and set a single rule specifying that parent group as the users allowed.

A shortcoming in the rule configuration does allow rules to be created that are identical in all but the user group information. If two such rules were to be created, the first one (higher priority) would always be matched, and the other would not work. This behavior may be changed in some future version of SonicOS to allow rule matching on the entire rule at once so as to allow multiple allow rules for different groups.

Also note that Deny rules cannot be created that specify any user or group. The reason is that if you were to create a rule to deny access for specific users, a user could bypass it and get access simply by logging out (a user who is not logged in is unknown and therefore not a member of the user group to be denied). To deny access to specific users you must create a rule with users allowed set to a user group that contains everyone who is to be allowed access, and make sure that the users to be denied are not members of it.
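A simplified model of the matching behaviour described above, added here as an illustration and not SonicOS code: it evaluates rules first-match and flags rules that are shadowed because they differ from a higher-priority rule only in the user group. The rule fields, group names and users are constructed, and the default deny for unmatched traffic is an assumption.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    # Simplified, constructed traffic-matching fields plus the allowed group.
    src_zone: str
    dst_zone: str
    service: str
    users_allowed: str  # a user group name, or "All"

    def traffic_key(self):
        return (self.src_zone, self.dst_zone, self.service)

# Constructed membership; "Staff" is a parent group containing both groups.
GROUPS = {
    "Sales": {"alice"},
    "Engineering": {"bob"},
    "Staff": {"alice", "bob"},
}

def evaluate(rules, traffic_key, user):
    """First rule matching the traffic is selected; only then is the user
    checked against that rule's group. List order is priority order."""
    for rule in rules:
        if rule.traffic_key() == traffic_key:
            if rule.users_allowed == "All":
                return "allow"
            # A logged-out user (None) is unknown, so a member of no group.
            members = GROUPS.get(rule.users_allowed, set())
            return "allow" if user in members else "deny"
    return "deny"  # assumed default when no rule matches

def find_shadowed(rules):
    """Return (shadowed_rule, winning_rule) pairs: rules that repeat the
    traffic fields of a higher-priority rule and so are never matched."""
    first_seen, shadowed = {}, []
    for rule in rules:
        winner = first_seen.setdefault(rule.traffic_key(), rule)
        if winner is not rule:
            shadowed.append((rule, winner))
    return shadowed

WEB = ("LAN", "WAN", "HTTP")
# Two rules identical in all but the user group: the second never matches.
per_group = [Rule(*WEB, "Sales"), Rule(*WEB, "Engineering")]
# The recommended form: one rule naming a parent group.
parent = [Rule(*WEB, "Staff")]
```

Running `find_shadowed` over an exported rule list in priority order reports each rule that can never take effect, which is the case the single parent-group rule avoids.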
