In my current setup, our MWG doesn't allow downloads except for a few sites, to prevent users from downloading freeware due to compliance issues. Every time, we are adding the IP in GWL to make it (software plugins, license activations, etc.) work. I want to know if there is an easy way to achieve this.
Exceptions can be made based on a lot of information, such as Client/Destination IP, Application name (but this has really limited availability, so not for every site) or per category (but this would directly allow multiple sites and seems not to be what you want).
So I think if you theoretically block anything and want to whitelist only specific sites/downloads, you unfortunately have to live with your way.
Another option would be to use client IP ranges or configure servers to use a dedicated proxy port, where you could create rules on MWG based on client IP (server IPs) or port range to allow servers to download all their updates etc., but as stated, this would be client based and not destination based.
Thanks for the response.
Can you tell me if we could have a rule based on the client hostnames instead of IPs/usernames that will allow most of the categories? We will have a group in AD with computer accounts and will define it in the rule, so the MWG has to authenticate against the hostname; not sure if it's possible or not. Whenever helpdesk needs an exception, they will add the hostname in AD.
Yes, there is an opportunity to get the hostname of a connecting client via this DNS property:
Please note, your DNS/domain controller needs to be properly configured in order to retrieve all client hostnames.
Also keep an eye on performance since this extra DNS traffic could further slow down entire connections if DNS is slow for example.
You can add a new rule in your policy and give it a name in first step.
In step 2, click on Add > Advanced Criteria and select the mentioned property "DNS.Lookup.Reverse(IP)". There, you can press the "Parameters..." button and a new window opens up. There you can switch to "Parameter property" and select the "Client.IP" property (meaning the DNS reverse lookup will be made for the value behind the Client.IP property in each connection).
After that, select an operator such as "At least one in list" or "equals" (based on what rule you want to configure) and at the end, enter the hostname value or create a list which contains multiple hostname entries and click on OK.
Then select the Action and Event you want to trigger for this rule.
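
The reply above notes that the reverse-lookup rule only works if DNS returns the right hostname for every client and that slow DNS adds latency. The following is an added example, not part of the thread and not MWG code: a pre-check run outside the gateway that resolves each client IP, compares the result with the exception list, confirms the name maps back to the same IP, and times the lookup. The hostnames, IPs and the case-insensitive comparison are assumptions made for illustration.

```python
import socket
import time

def reverse_lookup(ip):
    """PTR lookup via the system resolver; returns lower-cased FQDN or None."""
    try:
        return socket.gethostbyaddr(ip)[0].lower().rstrip(".")
    except OSError:
        return None

def forward_lookup(name):
    """A-record lookup; returns the set of IPv4 addresses for the name."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except OSError:
        return set()

def check_client(ip, allowed_hosts, rev=reverse_lookup, fwd=forward_lookup):
    """Check one client IP against the hostname exception list, with sanity checks."""
    start = time.monotonic()
    name = rev(ip)
    elapsed_ms = (time.monotonic() - start) * 1000
    allowed = {h.lower() for h in allowed_hosts}  # assumption: compare case-insensitively
    if name is None:
        status = "no-ptr"            # a hostname rule can never match this client
    elif name not in allowed:
        status = "not-listed"
    elif ip not in fwd(name):
        status = "ptr-mismatch"      # stale or wrong PTR: name does not map back to IP
    else:
        status = "ok"
    return {"ip": ip, "hostname": name, "status": status, "lookup_ms": round(elapsed_ms, 1)}

# Constructed sample data (not from the thread) so the example runs offline.
SAMPLE_PTR = {"10.1.1.10": "pc-helpdesk01.corp.example",
              "10.1.1.11": "pc-finance07.corp.example",
              "10.1.1.12": "pc-helpdesk02.corp.example"}
SAMPLE_A = {"pc-helpdesk01.corp.example": {"10.1.1.10"},
            "pc-finance07.corp.example": {"10.1.1.11"},
            "pc-helpdesk02.corp.example": {"10.1.1.99"}}  # stale PTR for .12
SAMPLE_ALLOWED = ["PC-HELPDESK01.corp.example", "pc-helpdesk02.corp.example"]

def run_sample():
    ips = ["10.1.1.10", "10.1.1.11", "10.1.1.12", "10.1.1.13"]
    return [check_client(ip, SAMPLE_ALLOWED, SAMPLE_PTR.get,
                         lambda n: SAMPLE_A.get(n, set())) for ip in ips]

if __name__ == "__main__":
    for row in run_sample():
        print(row)
```

Calling `check_client(ip, hosts)` without the last two arguments uses the system resolver, so the same check can be run against the real exception list before hostnames are added to the rule.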