Content translations are temporarily unavailable due to site maintenance. We apologize for any inconvenience. Visit our blog to learn more.
12-03-2012 06:22 AM
I want to use Active Directory for all blocks and overrides. We currently have a Barracuda that presents a block page that presents users with password entry that utilizes Active Directory. Certain groups are allowed access. Can this be done on the PAN?
12-03-2012 01:27 PM
Hi Bill
This can't be achieved in the exact same manner, but you could set up userID on your active directory and you can then build security/URL policies based upon AD groups and grant/deny users access based on their group membership.
how to install the uidagent
how to add group mapping
regards
Tom
12-03-2012 01:27 PM
Hi Bill
This can't be achieved in the exact same manner, but you could set up userID on your active directory and you can then build security/URL policies based upon AD groups and grant/deny users access based on their group membership.
how to install the uidagent
how to add group mapping
regards
Tom
12-04-2012 05:47 AM
Thanks for your reply Tom.
We are already running User-ID with LDAP and Radius.
We have IT Engineers and some Super Users that need access to the block list and overrides.
I guess I will configure policies.
Seems like a simple feature....
12-04-2012 05:55 AM
Would it be possible to do a feature request on this?
For example, wouldn't it be much easier to allow someone to override blockage to a known good .exe file rather than blocking all .exe's? Websites normally blocked etc....
It would be way easier than creating a policy for every situation.
12-04-2012 10:49 PM
But this is exactly what you get with userid.
1) Allow download
srczone: clients
dstzone: internet
user: AD_SURF_Allowed_download
option: file(*.exe)
action: allow
2) Deny download
srczone: clients
dstzone: internet
option: file(*.*) #or how you wish to construct it
action: deny
12-05-2012 06:39 AM
Are these examples policies?
I want a response page that comes up whenever someone attempts to do anything that is blocked.
There will be an Active Directory group of people that we will allow overrides.
I want the user to be able to enter an Active Directory password in that response page that will allow overrides to application blocks, url filtering blocks and file blocks.
This is how it currently works in our Barracuda.
If I am missing something, please help? 
12-07-2012 12:38 AM
Hi Bill
For fileblocking we currently only have the "continue" page that can present the user with a visual warning their action may be a violation of company policy or be harmful.
For URL filtering we also have an "override" page which requires a password to get past, but currently that only supports a static password. What you are looking for does sound like a nice feature to have so the override can be unlocked by a specific user rather than a static password, in case user A is blocked but user B is allowed to swing by and unlock the download for example. Please contact your sales rep, they can have a feature request created for you.
regards
Tom
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
