Creating Security Policies Using Local Users

Showing results for 
Show  only  | Search instead for 
Did you mean: 

Creating Security Policies Using Local Users

L1 Bithead

Hi All, I have a question, I have a pa-200 setup in my home lab and would like to block certain sites using Local Users in my Security Policies.  What is the best way to achieve this?


Cyber Elite
Cyber Elite


If you're using local users you would either do this with an authentication rulebase entry so that users who weren't recognized would need to "sign-in" essentially so you know who they are, or you would need to deploy GlobalProtect and use an internal gateway so that it can collect the user for you. 

Once you have the user information you would simply create whatever security rulebase entires that you desire to block the traffic and apply them to the correct users. Since you are using this in your home, you'll likely want to create exceptions for your authentication entries where it makes sense to do so (Printers, IOT devices, ect.). 

@BPry, I don't have a support contract for this device, I'm using this at home to restrict my children from certain sites.  Is Global Protect available for download for free and can I use it to accomplish what you suggested?  I'm currently using Captive Portal to identify users based on security policies but, this is kind of tedious because it forces everyone to sign-in first to authenticate and then allow them access to websites that are authorized.


You won't be able to setup GlobalProtect on mobile devices without a subscription or use an internal gateway, but you can still setup GlobalProtect to deal with the user identification aspect.

Unfortunately without any active subscriptions your option is going to be kinda limited. Captive Portal is going to be your easiest solution, but it is going to be more involved setup. 

@BPry, do you have any documentation that can help me in setting this up?

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!