I have configured the users in the office to be identify with Active Directory. I can see the users identification in the Monitor tab. But when i set a rule with user AD identifier don't work!
I add two rules :
rule 1: deny access for a specific AD users to social networks
rule 2: allow access to any users (internet access).
The first rulee always don't take effect . I saw the users always access to all sites with the second rule.
There is any suggestion please .
Thank you for help.
Can you add more details about how the rules are configured and how the firewall is logging the actual sessions ?
the identification is enable on your zones ?
DEvice>network>zone> check the box "enable identification" in zone parameters
Click on mag glass and see what is session end reason.
Also go to URL filter log and see what action is for those users accessing unwanted sites.
show user group list
copy the fqdn for the restricted group.
show user group name "paste fqdn" (use quotes if fqdn has spaces)
scroll down to ensure users are in that group and ensue domain\ is same as username in policy.
To identify user's group membership it is easier to use following command:
> show user user-ids match-user raido
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!