cancel
Showing results for 
Search instead for 
Did you mean: 
greenrizlas
Level 7

is It Possible to Block a Client PC by Name or OU

Hi All,

I'm hoping you can help me, I've searched through this forum and cannot find an answer, is it possible to block Internet Access for clients based on their OU or name/FQDN?

I am able to block based on client.IP but cannot see a way to block with the OU membership of full name.

We have just implemented McAfee Web Gateway 7 - all was going well until we were asked to block access to the Internet for a particular set of PC's regardless of the logged in user, and they must still be able to access internal sites.

I was hoping to creat a rule based on the PC's OU where I could simply drop PC's into which were not allowed to access the Internet, i would rather not do this on IP Address.

Unless anyone can think of a better/simpler way of doing it, I assume Web Gateway would have this facility and be easy to implement, having already told the 'boss' I can do it!

Regards,

GreenRizlas

0 Kudos
2 Replies
andyclements
Level 12

Re: is It Possible to Block a Client PC by Name or OU

If your DNS is updated by your DHCP server, you could do a revers lookup to get the system's hostname.

hostname_block.png

You could compare the hostname with a list of names, or you could query for it in LDAP to find its OU.  I don't have the specifics on the LDAP query, but there are other examples floating around the forum that you can start with and modify to fit your needs.

0 Kudos
greenrizlas
Level 7

Re: is It Possible to Block a Client PC by Name or OU

Hi Andy,

Thanks for the quick reply, I shall give that a go and let you know how I get on.

Cheersn

GreenRizlas

0 Kudos