cancel
Showing results for 
Search instead for 
Did you mean: 
smalldog
Level 12

Authenticate users

Hi all, In my company i config my policy that allow some users browse internet. Now i have problem: Users that browse internet they give account to some body who have not permission to internet. Now i want to block this so just one user can browse internet if two users concurrent access with one account. Could you tell me how to config this? Thanks!

0 Kudos
4 Replies
salanis
Level 10

Re: Authenticate users

You should reinforce your rules by adding the IP address of the users who can browse. For example, at the rule set you can add criteria that says:

Client.IP is in range 192.168.1.0/24

That would restrict access to users that are browsing from the 192.168.1.x address space.

A complete example would be:

Authentication.Username equals internetaccess

AND

Client.IP is in range 192.168.1.0/24

Now, not only do they have to satisfy the correct user, but have to be browsing from a certain IP range.

Hope that helps.

0 Kudos
smalldog
Level 12

Re: Authenticate users

Thanks for reply Salanis, but my LAN have a lot users that in range 192.168.1.0/24 and some users in the same LAN share account not other LAN. So any other way that check session?

0 Kudos
jont717
Level 12

Re: Authenticate users

Well the first question would be: How many users?

The next questions is: Are you using Active Directory?

Sounds like you need to allow Internet browsing by IP address and give the users who are allow to the Internet a static IP.  Then you don't even have to authenticate just say IF=IP address=x.x.x.x then allow to internet.

The bottom line is you must punish those who are giving their passwords out to other users.  This has to be against company policy. These users should NOT be allowed to use the internet anymore.  But this goes back to how many users are allowed to the internet and if this would be manageable.

Denying someone if another account is logged on with the same name is not going to work well.  What if the person who is NOT allowed to the internet signed on first, then the person who is allowed trys to sign on.  They will not be able too.  Of course in the end that will stop them from giving out their password.

0 Kudos
smalldog
Level 12

Re: Authenticate users

Ok thanks for your support!

0 Kudos