topic Re: Best Practice - Blocking Applications at Certain times. in General Topics

Best Practice - Blocking Applications at Certain times.

Wykeham — Wed, 10 Oct 2018 13:48:25 GMT

Greetings

I am trying to find a Best Practice for blocking applications at certain times for a certain group of users.

As i see it

I create a policy for these users allowing them access to a few applications. now if i wanted to allow them acces to Instagram or Netlix as an example.

I could

1) add Netflix in tho the allowed group, then

A) Create a block Policy on a schedual AFTER the allow Policy.

B) Create a block Policy on a schedual BEFORE the allow Policy.

2) Create a an ALLOW Policy for Netflix on a schedual.

But i dont really know which option works Best.

Can someone provide some insight or point me to a Knowledge base that might explain the best way to do this?

Thank you

Re: Best Practice - Blocking Applications at Certain times.

OtakarKlier — Wed, 10 Oct 2018 15:07:17 GMT

Hello,

While I have not seen an article on this yet. I am in favor of the whitelist approach method. In your example it would be option 2. This way its still DENY ALL and allow by exception.

Hope that helps!

Re: Best Practice - Blocking Applications at Certain times.

BPry — Wed, 10 Oct 2018 19:08:42 GMT

@Wykeham,

This is one of those 'depends on environment/people' type of things. I would personally go with option 2, knowing that if it didn't match the allow policy it would hit the interzone-default policy. However, I'm also envolved in enviroments where the other administrators can't seem to visulize how the traffic is supposed to process unless I did something like option 1. Either one obviously works perfectly fine.