cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

Rule to filter by IP range and allow them to specific categories

Jump to solution

Good afternoon,

We use MWG by AD group, where people in a specific group only get access to the categories designated for that group.

Now we have to add a rule where all traffic coming from specific IP subnets (possibly single IPs also) get filtered as if they were in the group, for example High Restriction group.  It has access to Real Estate.  So the IPs should only be able to get to Real Estate.

What I have so far is:

Client.IP - is in range list - Don't Authenticate Client.IP List

AND

URL.Categories - none in list - Restrict High

Action:  Block

 No matter which I choose (none in list, contains, at least one in list, etc.) never seems to work.  The Client.IP part works and doesn't authenticate, but it never filters by the categories in the Restrict High list and I can't figure out why.  Any suggestions?

 

1 Solution

Accepted Solutions
btlyric
Level 12
Report Inappropriate Content
Message 2 of 3

Re: Rule to filter by IP range and allow them to specific categories

Jump to solution

Try enabling rule engine tracing for a client IP with which you can perform testing.

The generated output should provide more insight into why the criteria isn't matching in the expected manner.

2 Replies
btlyric
Level 12
Report Inappropriate Content
Message 2 of 3

Re: Rule to filter by IP range and allow them to specific categories

Jump to solution

Try enabling rule engine tracing for a client IP with which you can perform testing.

The generated output should provide more insight into why the criteria isn't matching in the expected manner.

Re: Rule to filter by IP range and allow them to specific categories

Jump to solution

Wow, so this is always one of the first troubleshooting steps I do.  I did it again just to make sure I didn't miss anything and sure enough, my IP address was added to the rule I cloned which is right before this rule, so I was hitting that first rule and it never made it to the second.  Once again, a second set of eyes is always a good thing.

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community