09-27-2017 02:57 AM
Hello,
I have configured the users in the office to be identify with Active Directory. I can see the users identification in the Monitor tab. But when i set a rule with user AD identifier don't work!
I add two rules :
rule 1: deny access for a specific AD users to social networks
rule 2: allow access to any users (internet access).
The first rulee always don't take effect . I saw the users always access to all sites with the second rule.
There is any suggestion please .
Thank you for help.
09-27-2017 04:35 AM
Hi @ra7oub4,
Can you add more details about how the rules are configured and how the firewall is logging the actual sessions ?
Cheers !
-Kiwi.
09-27-2017 06:55 AM
Click on mag glass and see what is session end reason.
Also go to URL filter log and see what action is for those users accessing unwanted sites.
09-27-2017 07:20 AM
from CLI.
show user group list
copy the fqdn for the restricted group.
show user group name "paste fqdn" (use quotes if fqdn has spaces)
scroll down to ensure users are in that group and ensue domain\ is same as username in policy.
09-27-2017 07:23 AM
To identify user's group membership it is easier to use following command:
> show user user-ids match-user raido
09-28-2017 08:26 AM
Hello,
Thank you very much for your helps.
The problem is solved .
Thank you very much for all your response.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
