Sonicwall - Filter a group of computers SonicOS Enhanced 4

Before my Sonicwall crashed and I had to restore it, I had a group of 10 computers on the network that would get prompted to enter a user name and password to access the web.  These 10 computers had about 5 websites they were allowed to go to.  Everyone else BUT that group was NOT prompted to enter a user name and password to access the sonicwall - they just had a different policy and were allowed access to the normal sites minus the obvious category's.  I've called Sonicwall and they try to tell me that it's not possible - even though it obviously is because I had it running like this for a year.  When I set it up last year, I found the solution by spending hours on google and here reading what people were saying.

I have already set so those 10 computers get prompted for a password.  I know I have to make the default policy for the network the most restrictive and then allow sites for each group.. I just cant figure out how to tell the sonicwall to make everything BUT those 10 computers have a different policy.
zer0zer0Asked:
Who is Participating?
 
zer0zer0Author Commented:
I figured it out.. talked my way through it I guess.

I guess the groups and zone are separate.  I set the zone to be the policy for all users, and the group inherited the "Default" policy and the "Restrictive" policy.

Thanks for the help. :) Made me look in different places.  Knew it could be done!
0
 
jlwcciCommented:
So assuming you have all the content filtering all setup already, you go to the Groups tab and assign the policy you want to the group that has all those other people. So you'd have to have one group with those 10 people and one group with everyone else. Click on the group and go to the CFS policy tab and select the policy you want to assign to that group.
The default policy is applied on the zones tab, that applies to everyone, then you do the others in the groups individually.
0
 
zer0zer0Author Commented:
Still confused..


Here are my 3 policy's -
Default - This is on the Zone.  It has EVERYTHING blocked.  100% restricted.
Restrictive - This is on the group of 10 computers.  Only 1 category is unblocked with a few custom approved sites.
Normal - This is for the remaining 100 computers on the network.  Only a few category's are blocked such as Porn/Hacking/Weapons/Social Networking.

I have Restrictive assigned to the group that it needs to be on, but now how do I say EVERYONE ELSE gets the "Normal" policy?  Only those 10 computers have to log in, everyone else does not since.. I assume they are not affected by a group.
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
jlwcciCommented:
You'd have to create a group (if you don't have one already) for "everyone else" and assign that group to your "normal" policy.
0
 
zer0zer0Author Commented:
How do I assign everyone else to a group without making them log in?
0
 
jlwcciCommented:
If you don't want them to be forced to login you'll have to use the SSO, you need to download that from the mysonicwall site, install on a server and configure it and the firewall to use it. That makes it so the sonicwall finds out who is going to the internet based on the IP address, username and group membership.
The problem you'll run into is if you have laptop users that are not part of the domain, they won't be identified since this is working with AD.

Also, if you look in the local groups tab there's a "content filtering bypass" group. You can try adding this group with "everyone else" into that one. I haven't used that one yet, but I think it should work, before you go the route of the SSO which takes some time to setup.
0
 
zer0zer0Author Commented:
See that's the thing.  I had this working before without using the SSO.  I just cant remember what I did.. It's driving me crazy.  I'm going to check into the filtering bypass group.
0
 
jlwcciCommented:
Yeah I assumed so, also, if you look at the local groups tab, there's a "Everyone" group, you can assign your Normal policy to that group. That might be the easiest thing.
0
 
zer0zer0Author Commented:
Sonicwall uses the least restrictive policy.. If I set the policy to that group, my restrictive group picks up this same policy.
0
 
jlwcciCommented:
Yeah, that kinda sucks. I don't like the way they do that, wish it was the opposite.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.