URL Filtering Continue and Override Page

Reply
Highlighted
L3 Networker

URL Filtering Continue and Override Page

I want to use Active Directory for all blocks and overrides. We currently have a Barracuda that presents a block page that presents users with password entry that utilizes Active Directory. Certain groups are allowed access. Can this be done on the PAN?


Accepted Solutions
Highlighted
L7 Applicator

Hi Bill

This can't be achieved in the exact same manner, but you could set up userID on your active directory and you can then build security/URL policies based upon AD groups and grant/deny users access based on their group membership.

how to install the uidagent

PanAgent Installation

how to add group mapping

regards

Tom

reaper - PANgurus.com
Find my book at https://www.amazon.com/dp/1789956374

View solution in original post


All Replies
Highlighted
L7 Applicator

Hi Bill

This can't be achieved in the exact same manner, but you could set up userID on your active directory and you can then build security/URL policies based upon AD groups and grant/deny users access based on their group membership.

how to install the uidagent

PanAgent Installation

how to add group mapping

regards

Tom

reaper - PANgurus.com
Find my book at https://www.amazon.com/dp/1789956374

View solution in original post

L3 Networker

Thanks for your reply Tom.

We are already running User-ID with LDAP and Radius.

We have IT Engineers and some Super Users that need access to the block list and overrides.

I guess I will configure policies.

Seems like a simple feature....

Highlighted
L3 Networker

Would it be possible to do a feature request on this?

For example, wouldn't it be much easier to allow someone to override blockage to a known good .exe file rather than blocking all .exe's? Websites normally blocked etc....

It would be way easier than creating a policy for every situation.

Highlighted
L6 Presenter

But this is exactly what you get with userid.

1) Allow download

srczone: clients

dstzone: internet

user: AD_SURF_Allowed_download

option: file(*.exe)

action: allow

2) Deny download

srczone: clients

dstzone: internet

option: file(*.*) #or how you wish to construct it

action: deny

Highlighted
L3 Networker

Are these examples policies?

I want a response page that comes up whenever someone attempts to do anything that is blocked.

There will be an Active Directory group of people that we will allow overrides.

I want the user to be able to enter an Active Directory password in that response page that will allow overrides to application blocks, url filtering blocks and file blocks.

This is how it currently works in our Barracuda.

If I am missing something, please help? :smileyhappy:

Highlighted
L7 Applicator

Hi Bill

For fileblocking we currently only have the "continue" page that can present the user with a visual warning their action may be a violation of company policy or be harmful.

For URL filtering we also have an "override" page which requires a password to get past, but currently that only supports a static password. What you are looking for does sound like a nice feature to have so the override can be unlocked by a specific user rather than a static password, in case user A is blocked but user B is allowed to swing by and unlock the download for example. Please contact your sales rep, they can have a feature request created for you.

regards

Tom

reaper - PANgurus.com
Find my book at https://www.amazon.com/dp/1789956374
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!