URL Filtering Continue and Override Page

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

URL Filtering Continue and Override Page

L3 Networker

I want to use Active Directory for all blocks and overrides. We currently have a Barracuda that presents a block page that presents users with password entry that utilizes Active Directory. Certain groups are allowed access. Can this be done on the PAN?

1 accepted solution

Accepted Solutions

Cyber Elite
Cyber Elite

Hi Bill

This can't be achieved in the exact same manner, but you could set up userID on your active directory and you can then build security/URL policies based upon AD groups and grant/deny users access based on their group membership.

how to install the uidagent

PanAgent Installation

how to add group mapping

regards

Tom

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

View solution in original post

6 REPLIES 6

Cyber Elite
Cyber Elite

Hi Bill

This can't be achieved in the exact same manner, but you could set up userID on your active directory and you can then build security/URL policies based upon AD groups and grant/deny users access based on their group membership.

how to install the uidagent

PanAgent Installation

how to add group mapping

regards

Tom

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

Thanks for your reply Tom.

We are already running User-ID with LDAP and Radius.

We have IT Engineers and some Super Users that need access to the block list and overrides.

I guess I will configure policies.

Seems like a simple feature....

Would it be possible to do a feature request on this?

For example, wouldn't it be much easier to allow someone to override blockage to a known good .exe file rather than blocking all .exe's? Websites normally blocked etc....

It would be way easier than creating a policy for every situation.

But this is exactly what you get with userid.

1) Allow download

srczone: clients

dstzone: internet

user: AD_SURF_Allowed_download

option: file(*.exe)

action: allow

2) Deny download

srczone: clients

dstzone: internet

option: file(*.*) #or how you wish to construct it

action: deny

Are these examples policies?

I want a response page that comes up whenever someone attempts to do anything that is blocked.

There will be an Active Directory group of people that we will allow overrides.

I want the user to be able to enter an Active Directory password in that response page that will allow overrides to application blocks, url filtering blocks and file blocks.

This is how it currently works in our Barracuda.

If I am missing something, please help? Smiley Happy

Hi Bill

For fileblocking we currently only have the "continue" page that can present the user with a visual warning their action may be a violation of company policy or be harmful.

For URL filtering we also have an "override" page which requires a password to get past, but currently that only supports a static password. What you are looking for does sound like a nice feature to have so the override can be unlocked by a specific user rather than a static password, in case user A is blocked but user B is allowed to swing by and unlock the download for example. Please contact your sales rep, they can have a feature request created for you.

regards

Tom

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization
  • 1 accepted solution
  • 3249 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!