4 Replies Latest reply on Sep 25, 2011 8:49 PM by smalldog

    Authenticate users

    smalldog

      Hi all, In my company i config my policy that allow some users browse internet. Now i have problem: Users that browse internet they give account to some body who have not permission to internet. Now i want to block this so just one user can browse internet if two users concurrent access with one account. Could you tell me how to config this? Thanks!

        • 1. Re: Authenticate users

          You should reinforce your rules by adding the IP address of the users who can browse. For example, at the rule set you can add criteria that says:

           

          Client.IP is in range 192.168.1.0/24

           

          That would restrict access to users that are browsing from the 192.168.1.x address space.

           

          A complete example would be:

           

          Authentication.Username equals internetaccess

          AND

          Client.IP is in range 192.168.1.0/24

           

          Now, not only do they have to satisfy the correct user, but have to be browsing from a certain IP range.

           

          Hope that helps.

          1 of 1 people found this helpful
          • 2. Re: Authenticate users
            smalldog

            Thanks for reply Salanis, but my LAN have a lot users that in range 192.168.1.0/24 and some users in the same LAN share account not other LAN. So any other way that check session?

            • 3. Re: Authenticate users
              jont717

              Well the first question would be: How many users?

               

              The next questions is: Are you using Active Directory?

               

              Sounds like you need to allow Internet browsing by IP address and give the users who are allow to the Internet a static IP.  Then you don't even have to authenticate just say IF=IP address=x.x.x.x then allow to internet.

               

              The bottom line is you must punish those who are giving their passwords out to other users.  This has to be against company policy. These users should NOT be allowed to use the internet anymore.  But this goes back to how many users are allowed to the internet and if this would be manageable.

               

              Denying someone if another account is logged on with the same name is not going to work well.  What if the person who is NOT allowed to the internet signed on first, then the person who is allowed trys to sign on.  They will not be able too.  Of course in the end that will stop them from giving out their password.

              1 of 1 people found this helpful
              • 4. Re: Authenticate users
                smalldog

                Ok thanks for your support!