I'm hoping you can help me. I've searched through this forum and cannot find an answer. Is it possible to block Internet Access for clients based on their OU or name/FQDN?
I am able to block based on client.IP but cannot see a way to block with the OU membership or full name.
We have just implemented McAfee Web Gateway 7 - all was going well until we were asked to block access to the Internet for a particular set of PCs regardless of the logged in user, and they must still be able to access internal sites.
I was hoping to create a rule based on the PC's OU, into which I could simply drop PCs that were not allowed to access the Internet. I would rather not do this on IP Address.
Unless anyone can think of a better/simpler way of doing it, I assume Web Gateway would have this facility and be easy to implement, having already told the 'boss' I can do it!
If your DNS is updated by your DHCP server, you could do a reverse lookup to get the system's hostname.
You could compare the hostname with a list of names, or you could query for it in LDAP to find its OU. I don't have the specifics on the LDAP query, but there are other examples floating around the forum that you can start with and modify to fit your needs.
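
The lookup chain suggested above (client IP, reverse DNS, LDAP, OU), as an added Python sketch that is not from the original posts and is not Web Gateway rule syntax. It assumes Active Directory (computer objects carry `dNSHostName`), uses a constructed OU name, and takes a hypothetical `find_dn` hook for the actual LDAP search; the PTR result is forward-confirmed because DHCP-updated records can be stale.

```python
import re
import socket

BLOCKED_OUS = {"no-internet"}  # constructed OU name for this example

def verified_hostname(ip, rev=socket.gethostbyaddr, fwd=socket.gethostbyname_ex):
    """Reverse-resolve ip, then confirm the name resolves back to the same ip."""
    try:
        name = rev(ip)[0].rstrip(".").lower()
        return name if ip in fwd(name)[2] else None
    except OSError:  # herror/gaierror: no PTR record or no A record
        return None

def computer_filter(fqdn):
    """LDAP filter for an AD computer object, value escaped per RFC 4515."""
    esc = "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in fqdn)
    return "(&(objectCategory=computer)(dNSHostName=%s))" % esc

def ous_in_dn(dn):
    """OU names in a distinguishedName, innermost first, lowercased."""
    parts = re.split(r"(?<!\\),", dn)  # split on commas that are not escaped
    return [p.split("=", 1)[1].strip().lower()
            for p in parts if p.strip().lower().startswith("ou=")]

def decide(ip, find_dn, **resolvers):
    """Return 'block', 'allow' or 'unverified' for a client IP.

    find_dn(filter) -> DN string or None is a hypothetical hook that runs
    the LDAP search; it is injected so the logic can be tested offline.
    """
    host = verified_hostname(ip, **resolvers)
    if host is None:
        return "unverified"  # stale or missing DNS: caller picks the policy
    dn = find_dn(computer_filter(host))
    if dn is None:
        return "unverified"  # host is not a known computer object
    return "block" if BLOCKED_OUS & set(ous_in_dn(dn)) else "allow"
```

How to treat `unverified` is a policy choice: allowing it lets a restricted PC with a missing or stale DNS record through, while blocking it can cut off hosts that are not in the directory at all.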