Step 7: Next navigate to Users > Local Groups and configure the Group you want the new CFS policy to apply to.
Step 8: Select the CFS policy you created under the CFS Policy tab. Repeat this same process for every group that requires custom CFS settings.
Enforcing CFS Policies without Requiring All Users to Authenticate
There is one more trick you can do with CFS involving user authentication. Some organizations want a default policy that applies to virtually everyone, but would rather not use Single Sign On (SSO) or local authentication for the majority of their user base. However, they still want a way for specific groups/users to be able to authenticate so they can bypass the default CFS policy. In this scenario, you will want to customize the CFS block page. The default block page informs a user that website is forbidden for X reason. What we want to do is add some simple html code that informs the users the page is still forbidden, but include a link that redirects them to login into the firewall. After logging in that user will now inherit whatever CFS permissions you’ve assigned them.
39