Thank you for your question.
The first step in achieving this is to isolate the group of users whom need special access to their own policy.
Once they have their own policy you must determine the best method for allowing the type of traffic so they can reach their destination.
One quick example, if you are blocking say the "gambling" category but your users need access to a site categorized as such:
- You can re-categorize the site to a user-defined category.
- You can exempt the URL via the filter by expressions.
- Or you can White List a URL.
However, to answer part of your question. When a user receives the error message "No Authorization this means the user failed mapping to a policy.
How are you authenticating users?
on 11/18/10 9:45:04 PM CST
Sorry for a very late response and thanks for the answer.
User mapping is still an issue.
We are using NTLM authentication for the Users and additional input I can provide is, in error page we see either the URL or the IP address against the User name Value. I think this is the main reason of User Mapping failure, Bu t I am not able to find the culprit. is it the browser (IE or Firefox) or the proxy?
Guide me pls.
maybe the ntlm-auth-requests ran into an overload-condition at the domaincontroller. you should consider to cache ntlm-requests for better performance. I'm not sure about the exact location of this configuration option, but you can easily find it if you enter ntlm in the 'search' field at the config panel.
hope this helps
maybe you should rise the ntlm-cache-ttl. we have defined 300secs = 5min here. another thing to consider: how many dc's per domain do you have defined under 'user mgmt - windows domain membership'? for backup and maybe performance reasons you should have two dc's defined at least.
and for the network side you should also check the interfaces and their speed and duplex. sometimes there are differences between switchport and eth-speed/duplex.
otherwise I'm clueless
Did you got any positive results, after the TTL change?
With kind regards,