8 Replies Latest reply on Jun 5, 2015 10:40 AM by Jon Scholten

    Arranging rules & ruleset in policies

    Haaris Faizan

      We want to create three groups, and under each group we want to have 20 subgroups. How can we create them so that they work properly and as recommended by McAfee? I have gone through the documents for the standard ruleset, but I'm not able to create three groups so that it works accordingly.

      Can anyone show me a screenshot of their rules created this way, with groups and subgroups?

        • 1. Re: Arranging rules & ruleset in policies
          asabban

          Hello,

           

          I think some more details are required. Can you elaborate what exactly you mean when stating "three groups and under each group ... 20 sub groups"?

           

          Generally it is not a problem to make three rule sets with 20 rule sets as children, the most important part is probably setting the criteria. Can you maybe give a quick example what exactly you are trying to achieve?

           

          Best,

          Andre

          • 2. Re: Arranging rules & ruleset in policies
            Haaris Faizan

            Thanks Andre for the response,

             

            Suppose under the first group there is a subgroup called HR, for which the rule is "Client.IP is in list and URL matches in list" with the action Stop Rule Set. Likewise, there are other subgroups under this group. At the end of the first group, the last subgroup is a block rule, which is working fine. But when I create the second group like the first group, all URLs under the second group are getting blocked, as there is a block rule at the end of the first group.

            How can I create rules so that all URLs under the second and third groups won't get blocked?


            If you want a screenshot, I can provide it to you for clear understanding.

            • 3. Re: Arranging rules & ruleset in policies
              Haaris Faizan

              Hi Andre,

               

              Could you help me with this?

              • 4. Re: Arranging rules & ruleset in policies
                asabban

                Yes, please provide the screenshots you mentioned.

                 

                Best,

                Andre

                • 5. Re: Arranging rules & ruleset in policies
                  Haaris Faizan

                  Screenshot attached (Proxy-Policy.jpg). We can do that by combining all subgroups in the different groups into one group, but we want to manage it through three groups. How can we do it?

                  • 6. Re: Arranging rules & ruleset in policies
                    asabban

                    Hello,

                     

                    I think the problem is that the Rule Sets (e.g. "First Group", "Second Group", "Third Group") do not have any criteria. This means that every request from - for example - the third group also enters the rule set for the first group - and gets blocked by the "Block All" rule. On the other hand if a request from first group hits a "Stop Rule Set" action in the first group rule set MWG will jump into the rule set for the second group - and the block action will most likely apply and block access.

                     

                    Basically you can design rules as shown in the screenshot, but you have to make sure in the rule sets that only the right requests go into that rule set by adjusting the criteria. Client IP might be suitable here... for the first group shown in the screenshot you could make the criteria for the rule set "DC-DR_Servers" like this:

                     

                    Client.IP is in list SMS_Gateway_IPs_Allowed

                    OR

                    Client.IP is in list Microsoft_Update_IPs_Allowed

                    OR

                    Client.IP is in list Symantec_IPs_Allowed

                    OR

                    ...

                     

                    You do the same for the other rule sets (second group, third group).

                     

                    If a request now comes from any host in "Symantec_IPs_Allowed", this request will only go into the first group. If a "Stop Rule Set" action matches, the request will leave the first group rule set and - because of the criteria we set - not go into the second or third group rule sets.

                     

                    Best,

                    Andre
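A simplified model of the evaluation described in the reply above, added here as an illustration; it is not part of the original thread and not McAfee code. The list names SMS_Gateway_IPs_Allowed and Symantec_IPs_Allowed come from the reply, while Branch_IPs_Allowed, every address and every hostname are constructed, and each group is assumed to hold its allow rules directly followed by a final "Block All" rule.

```python
from ipaddress import ip_address, ip_network

# Constructed sample data: list names follow the reply where it gives them;
# Branch_IPs_Allowed and all addresses and hostnames are made up.
IP_LISTS = {
    "SMS_Gateway_IPs_Allowed": ["10.1.1.0/24"],
    "Symantec_IPs_Allowed": ["10.1.2.0/24"],
    "Branch_IPs_Allowed": ["10.2.0.0/16"],
}

# Each group: allow rules (IP list, allowed hosts) whose action is
# "Stop Rule Set", followed by an implicit final "Block All" rule.
POLICY = [
    {"name": "First Group",
     "allow": [("SMS_Gateway_IPs_Allowed", {"sms.example.com"}),
               ("Symantec_IPs_Allowed", {"liveupdate.example.com"})]},
    {"name": "Second Group",
     "allow": [("Branch_IPs_Allowed", {"intranet.example.com"})]},
]

def in_list(ip, list_name):
    """Client.IP is in list <list_name>."""
    return any(ip_address(ip) in ip_network(net) for net in IP_LISTS[list_name])

def criteria_match(rule_set, ip):
    # Rule set criteria as in the reply: Client.IP is in list A OR list B ...
    # The criteria reference the same lists the rules inside already use.
    return any(in_list(ip, name) for name, _ in rule_set["allow"])

def evaluate(ip, host, use_criteria):
    """Walk the groups in order; return (verdict, names of groups entered)."""
    entered = []
    for rule_set in POLICY:
        if use_criteria and not criteria_match(rule_set, ip):
            continue  # criteria do not match: the whole group is skipped
        entered.append(rule_set["name"])
        for list_name, hosts in rule_set["allow"]:
            if in_list(ip, list_name) and host in hosts:
                break  # Stop Rule Set: leave this group, go on to the next
        else:
            return "BLOCK", entered  # no allow rule matched: Block All applies
    # Not blocked by any group; rule sets that follow would decide.
    return "PASS", entered
```

With `use_criteria=False` both constructed clients end in BLOCK, each in a group that was not meant for them. With criteria on, a client that is in none of the lists enters no group at all, so none of the "Block All" rules applies to it.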

                    • 7. Re: Arranging rules & ruleset in policies
                      Haaris Faizan

                      Thanks Andre,

                      Actually, we tried that, but the thing is that every time we have to add IPs in the group as well as in the subgroup.

                      Is there any other way to go, or do we have to go with this?

                      • 8. Re: Arranging rules & ruleset in policies
                        Jon Scholten

                        Hi Haaris,

                         

                        Is your goal to assign specific URL filtering rulesets to specific IP ranges/groups/users? Is your goal also that these users be filtered by *only one* URL filtering policy?

                         

                        If so, then what you are trying to accomplish is exactly what is described in this article:

                        How To: Creating a "Policy Assignment" ruleset (formerly "Web Mapping")

                         

                        Best Regards,

                        Jon