wajeeh_r
Level 9

Allow everything for executives group but protection from malicious sites & files

Dear Experts,

I need to have a rule for my executives that will bypass all kinds of filtering for them, like blocking of social media, streaming media, any kind of messenger or application, but at the same time I need them to be protected from any malicious sites and sites which have a bad reputation. I need them to take benefit of this facility of the gateway; otherwise it is of no use to allow them fully through the web gateway without any kind of protection from web threats, nudity, phishing sites.

Please advise how I can do this in the gateway. I know I can create a database local to MWG and use a stop rule set to get the requests from executives to jump to the next rule set, so in all rule sets I need to do this until I reach the rule sets for Dynamic Content Classification and Gateway Antimalware, because on the other hand if I do a stop cycle as soon as I match the user name from the executives group, it will skip all rule sets afterwards and hence there is no benefit from the web gateway's protection facilities.

Waiting for responses.

Thanks,

Wajeeh

0 Kudos
7 Replies
wajeeh_r
Level 9

Re: Allow everything for executives group but protection from malicious sites & files

Dear Experts,

Please share your experiences

0 Kudos
wajeeh_r
Level 9

Re: Allow everything for executives group but protection from malicious sites & files

No reply on this post. Guys, are you there?

0 Kudos
eelsasser
Level 15

Re: Allow everything for executives group but protection from malicious sites & files

The rules I posted on this thread should do what you are asking:

https://community.mcafee.com/message/311102#311102

0 Kudos
jspanitz
Level 7

Re: Allow everything for executives group but protection from malicious sites & files

Question on that ruleset:

Right now we have duplicate rulesets built for each AD group based on a previous example here on the forums.  While it's very flexible it's administratively cumbersome.  I like the ruleset you posted but am not sure I completely understand the flow.

For instance, we have basic access, exception level 1 and exception level 2 and executive for example.  The basic, exception 1 and exception 2 build upon each other.  So with this ruleset, would we have to allow each category in each exception level (which is the reverse of normal, selecting a category is normally done to block) or just the additional categories for each exception - in other words are they cumulative.  I am sure it's the former due to the Stop Rule Set action.

Where I get more confused is the 2nd last rule:

URL Filter: Override Blocked Categories
1: URL.Categories<URL Filter: Default> at least one in list URL Filter: Override Blocked Categories
Stop Rule Set
Categories that override a block if site is in multiple categories.

What does this really do - weren't all the exceptions already made above it in the ruleset?  When would this come into play?

0 Kudos
eelsasser
Level 15

Re: Allow everything for executives group but protection from malicious sites & files

I have always found it easiest to have a single set of rules for URL filtering.

Block the categories that you want to block for everyone at the bottom, and rules above it are just skipping around the block.

The Override Blocked Categories is used for sites that have multiple categories assigned to them.

If you had a site in both the Games and the Education category, it would normally be blocked on the Games at the bottom.

If you put an override on the education category, you will allow sites that are educational even if they contain another blocked category.

0 Kudos
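The rule flow discussed in this thread, as a simplified Python model added for illustration (it is not any poster's code and not Web Gateway rule syntax). Group names, category names, reputation labels and sample requests are constructed; it contrasts leaving only the URL filter rule set with ending the whole cycle, and shows the multi-category effect of an override list.

```python
# Simplified model only; all names and values below are constructed assumptions.
BLOCKED = {"Games", "Social Networking", "Streaming Media"}
OVERRIDE = {"Education"}        # stands in for "URL Filter: Override Blocked Categories"
BYPASS_GROUPS = {"Executives"}  # groups that skip category blocking only

def url_filter(req):
    """Single URL filter rule set: skip rules on top, the block rule at the bottom."""
    if BYPASS_GROUPS & req["groups"]:
        return "stop_rule_set"  # leaves this rule set; later rule sets still run
    if OVERRIDE & req["categories"]:
        return "stop_rule_set"  # override category wins over any blocked category
    if BLOCKED & req["categories"]:
        return "block"
    return "continue"

def threat_protection(req):
    """Stands in for the reputation and anti-malware rule sets that follow."""
    if req["reputation"] == "high_risk" or req["malware"]:
        return "block"
    return "continue"

def evaluate(req, bypass_action="stop_rule_set"):
    """Run rule sets in order. bypass_action='stop_cycle' models ending all
    processing as soon as the executives group matches."""
    if bypass_action == "stop_cycle" and BYPASS_GROUPS & req["groups"]:
        return "allow"          # nothing after this point is evaluated
    for rule_set in (url_filter, threat_protection):
        if rule_set(req) == "block":
            return f"blocked by {rule_set.__name__}"
    return "allow"

def request(groups, categories, reputation="minimal_risk", malware=False):
    """Build a constructed sample request."""
    return {"groups": set(groups), "categories": set(categories),
            "reputation": reputation, "malware": malware}

if __name__ == "__main__":
    risky = request(["Executives"], ["Social Networking"], reputation="high_risk")
    print("staff, social media:        ", evaluate(request(["Staff"], ["Social Networking"])))
    print("exec, social media:         ", evaluate(request(["Executives"], ["Social Networking"])))
    print("exec, high risk:            ", evaluate(risky))
    print("exec, high risk, stop cycle:", evaluate(risky, bypass_action="stop_cycle"))
    print("staff, Games + Education:   ", evaluate(request(["Staff"], ["Games", "Education"])))
```
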
jspanitz
Level 7

Re: Allow everything for executives group but protection from malicious sites & files

Ok, so by doing this we could unintentionally allow a blocked category if the site was in multiple categories and one of those was in the allowed category, correct?

0 Kudos
wajeeh_r
Level 9

Re: Allow everything for executives group but protection from malicious sites & files

Hello Eelsasser,

With reference to your post on the 20th for creating exceptions1, exceptions2 and exceptions3 (for executives), where can I create those exceptions:categories? Kindly guide me.

Thanks,

0 Kudos