ankush.g
Level 7

Web gateway group based policy

Hi guys

I want to create a policy for Active Directory groups. There are 3 groups: 1) HR 2) accounts 3) sales. I want group HR to be able to access only the job portal and nothing else, and the same way for the other groups. I have referred to many links; please help in creating the group-based policy.

0 Kudos
5 Replies
exbrit
Level 21

Re: Web gateway group based policy

Moved from Community Help to Web Gateway for better support

---

Peter

Moderator

0 Kudos
Troja
Level 14

Re: Web gateway group based policy

Hi,

do you mean 3 Active Directory groups should only be able to connect to a specific URL category?

You can use a list for the AD groups or you can define them separately. How exactly the rule is done also depends on your ruleset. If, e.g., the URL.category is already blocked, you can define a rule with action Stop Ruleset.

Example:

If you have a rule where the URL.categories professional networking is already blocked, you can add the following rule above it to allow this URL.category for the three Active Directory groups.

Try these properties:

(

authentication.usergroups equals HR

     OR

authentication.usergroups matches *accounts*

     OR

authentication.usergroups equals sales

)

     AND

Url.category equals professional networking

Action: Stop Ruleset

Try this. At the moment I have no access to the MWG GUI, so I cannot define a sample rule or screenshot.

Hope this helps,

Cheers

0 Kudos
ankush.g
Level 7

Re: Web gateway group based policy

Hi Troja

I have tried this rule

authentication.usergroups equal sales

)

     AND

Url.category equals professional networking

Action: Stop Ruleset

But it didn't work. Can you please show me the policy with some snapshot where I can get a clear picture of how to create and how to block with a group-based policy?

0 Kudos
frank_enser
Level 12

Re: Web gateway group based policy

Hi,

try using Rule Tracing Central under Troubleshooting to see why the rule doesn't match. See for an explanation (example 2).

My best guess: the usergroup doesn't match the usergroup from authentication. But just use Rule Tracing Central to verify.

Regards,

Frank

0 Kudos
lubomir_cerny
Level 12

Re: Web gateway group based policy

Hi ankush.g

We use groups from AD normally. You must have working authentication against AD (or any other LDAP/Kerberos system). Then you will have the needed values populated.

Here is our example rule: block if the authenticated user is not a member of the AD groups (list of group names):

AD-UserGroups.png

You can check if authentication returns the needed group names via Settings - Authentication - Authentication Test:

If authentication works, then the result will display all groups the user belongs to:

MWG - User Auth test.png

Hope this helps.

0 Kudos
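
The group-name mismatch suggested in the replies above can be reasoned about with a small offline model. This is an added example, not part of any post and not MWG rule syntax or code; the group strings, the `CORP\` prefix, the category names and the helpers `decide` and `near_misses` are all constructed for illustration.

```python
# Simplified model of a top-down rule set with a per-group allow rule
# (Stop Ruleset) followed by a catch-all block rule. Not MWG code.

# Constructed policy: configured group name -> the one URL category it may reach.
POLICY = {"HR": "Job Search", "accounts": "Finance", "sales": "Professional Networking"}

def decide(user_groups, category, policy=POLICY):
    """First rule whose group is present exactly AND whose category matches
    stops the rule set (allow); anything else reaches the final block rule."""
    for group, allowed_category in policy.items():
        if group in user_groups and category == allowed_category:
            return "allow"   # models Action: Stop Ruleset
    return "block"           # models the block rule further down

def near_misses(user_groups, policy=POLICY):
    """For each configured name that has no exact match, list the returned
    groups that a case-insensitive *name* wildcard would match. An empty list
    means the user is simply not in that group; a non-empty one means the
    rule's string differs from what authentication returns."""
    report = {}
    for name in policy:
        if name in user_groups:
            continue
        needle = name.lower()
        report[name] = [g for g in user_groups if needle in g.lower()]
    return report

# Constructed authentication-test result for one HR user (assumed format).
RETURNED = ["CORP\\HR", "CORP\\Chrome-Users", "CORP\\Domain Users"]

if __name__ == "__main__":
    # "equals HR" never matches "CORP\HR", so the HR user is blocked.
    print(decide(RETURNED, "Job Search"))
    # The wildcard finds CORP\HR but also CORP\Chrome-Users ("cHRome"),
    # so a *HR* match would grant access to an unrelated group.
    print(near_misses(RETURNED))
    # Using the exact returned string fixes the rule without over-matching.
    fixed = {"CORP\\HR": "Job Search"}
    print(decide(RETURNED, "Job Search", fixed))
    print(decide(RETURNED, "Professional Networking", fixed))
```

The practical takeaway is to copy the group string exactly as the authentication test shows it into the rule or list, and to treat wildcard matches as candidates to review rather than as the final condition.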