Sonicwall - Filter a group of computers SonicOS Enhanced 4

Before my Sonicwall crashed and I had to restore it, I had a group of 10 computers on the network that would get prompted to enter a user name and password to access the web.  These 10 computers had about 5 websites they were allowed to go to.  Everyone else BUT that group was NOT prompted to enter a user name and password to access the sonicwall - they just had a different policy and were allowed access to the normal sites minus the obvious category's.  I've called Sonicwall and they try to tell me that it's not possible - even though it obviously is because I had it running like this for a year.  When I set it up last year, I found the solution by spending hours on google and here reading what people were saying.

I have already set so those 10 computers get prompted for a password.  I know I have to make the default policy for the network the most restrictive and then allow sites for each group.. I just cant figure out how to tell the sonicwall to make everything BUT those 10 computers have a different policy.
zer0zer0Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

jlwcciCommented:
So assuming you have all the content filtering all setup already, you go to the Groups tab and assign the policy you want to the group that has all those other people. So you'd have to have one group with those 10 people and one group with everyone else. Click on the group and go to the CFS policy tab and select the policy you want to assign to that group.
The default policy is applied on the zones tab, that applies to everyone, then you do the others in the groups individually.
0
zer0zer0Author Commented:
Still confused..


Here are my 3 policy's -
Default - This is on the Zone.  It has EVERYTHING blocked.  100% restricted.
Restrictive - This is on the group of 10 computers.  Only 1 category is unblocked with a few custom approved sites.
Normal - This is for the remaining 100 computers on the network.  Only a few category's are blocked such as Porn/Hacking/Weapons/Social Networking.

I have Restrictive assigned to the group that it needs to be on, but now how do I say EVERYONE ELSE gets the "Normal" policy?  Only those 10 computers have to log in, everyone else does not since.. I assume they are not affected by a group.
0
jlwcciCommented:
You'd have to create a group (if you don't have one already) for "everyone else" and assign that group to your "normal" policy.
0
Defend Against the Q2 Top Security Threats

Were you aware that overall malware worldwide was down a surprising 42% from Q1'18? Every quarter, the WatchGuard Threat Lab releases an Internet Security Report that analyzes the top threat trends impacting companies worldwide. Learn more by viewing our on-demand webinar today!

zer0zer0Author Commented:
How do I assign everyone else to a group without making them log in?
0
jlwcciCommented:
If you don't want them to be forced to login you'll have to use the SSO, you need to download that from the mysonicwall site, install on a server and configure it and the firewall to use it. That makes it so the sonicwall finds out who is going to the internet based on the IP address, username and group membership.
The problem you'll run into is if you have laptop users that are not part of the domain, they won't be identified since this is working with AD.

Also, if you look in the local groups tab there's a "content filtering bypass" group. You can try adding this group with "everyone else" into that one. I haven't used that one yet, but I think it should work, before you go the route of the SSO which takes some time to setup.
0
zer0zer0Author Commented:
See that's the thing.  I had this working before without using the SSO.  I just cant remember what I did.. It's driving me crazy.  I'm going to check into the filtering bypass group.
0
jlwcciCommented:
Yeah I assumed so, also, if you look at the local groups tab, there's a "Everyone" group, you can assign your Normal policy to that group. That might be the easiest thing.
0
zer0zer0Author Commented:
Sonicwall uses the least restrictive policy.. If I set the policy to that group, my restrictive group picks up this same policy.
0
jlwcciCommented:
Yeah, that kinda sucks. I don't like the way they do that, wish it was the opposite.
0
zer0zer0Author Commented:
I figured it out.. talked my way through it I guess.

I guess the groups and zone are separate.  I set the zone to be the policy for all users, and the group inherited the "Default" policy and the "Restrictive" policy.

Thanks for the help. :) Made me look in different places.  Knew it could be done!
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Anti-Virus Apps

From novice to tech pro — start learning today.