This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Allow policy for 2 hours per day

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Allow policy for 2 hours per day

Mr.Robot
L0 Member

‎12-29-2018 06:09 AM

Hi 

It is possible to allow a rule for 2 hours within a possible time window

I would like to allow for exampe youtube for 2 hours per day for our employees .

 

 

Could i solve this somehow via API ? 

 

Regards Markus

0 Likes Likes
3 REPLIES 3

Remo
L7 Applicator

‎12-29-2018 07:48 AM

Hi @Mr.Robot

 

Yes, you can solve this via API with complex rulechanges, dynamic addressgroups and enabling/disabling rules ...

 

But for your initial question there is a much simpler solution: use a schedule object in your youtube policy to allow access at specific times per day.

Screenshot_20181229-163333_Chrome.jpg

 

Regards,

Remo

0 Likes Likes

Mr.Robot
L0 Member
In response to Remo

‎12-30-2018 04:42 AM

Hi Remo

Thanks for reply , but that is what i already found .

What i like is to have is a budget of two hours and i´d like to use this two hours somewhere between the scheduler timeframe.

Bye Mr.R.

0 Likes Likes

Remo
L7 Applicator
In response to Mr.Robot

‎12-30-2018 07:51 AM

Hi @Mr.Robot

 

Ok, now I get it. The only solution in this case is the API and it heavily depends on how important this is to you and your skills on programming/scripting (or the skills of the people who will implement this), because this task (I assume) will be time consuming.

 

At this point I need to say I haven't done this, but the following lines describe the way I would do it/try it.

 

Requirements:

  • User-ID
  • TLS decryption
  • a computer/server that has access to the firewall management interface
  • 2 Firewallrules: one that blocks youtube for a specific usergroup and one that allows youtube with a schedule applied with the timeframe where youtube should be allowed

 

The solution:

You need to write a program that runs on the server. This program needs to constantly check the sessiontable for youtube sessions. If there are sessions you need to track these sessions to check when they reach 2 hours and if they do you need to close that session and add the user to the youtube-deny-usergroup, so that if this user tries again to access youtube he/she will not be able to. In addition to this you also need to check the logs for sessions that do not last 2 hours. The times of these sessions you need to sum together and as soon as this time reaches 2 hours you have to add the user to the deny-youtube-group. Once a day you can then remove the users from that deny group.

With all this you need to check on what specific app you need to use for the session tracking because accessing youtube opens quite a few sessions in parallel - this is to make sure that the two hours aren't reached when a user is only about 10 min on youtube.

 

In all this you need to also do a lot of testing, but I think there is a solution for your requirement.

0 Likes Likes
  • 2003 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks