I am unsure of how to solve this issue with URL filtering. Lets say HR wants to block the job search category and the hacking category except for specific users. I have an Active Directory group to allow Job Search for people who are allowed to access those sites, and another AD group for IT people who are allowed to access the Hacking group.
My problem is the people who fall into both groups - they are allowed Hacking and Job Search because they are in both AD groups.
If I use a URL Filtering Security Profile, the the "Allow Job Search" rule (which has Hacking blockecd) hits first, and the user is blocked, even though they are also allowed to access Hacking sites, which the rule below that allows.
If I use the "Service/URL Category" option in the firewall rule instead, it works, but then it does not log the information in the URL Filtering log. HR wants to be able to have logs for all sites allowed or blocked, so we have "alert" set.
Is there any way to handle providing access to people who happen to be in multiple groups, and also be able to log their browsing history?
Thank you.
... View more