zer0zer0

asked on

Sonicwall - Filter a group of computers SonicOS Enhanced 4

Before my Sonicwall crashed and I had to restore it, I had a group of 10 computers on the network that would get prompted to enter a user name and password to access the web.  These 10 computers had about 5 websites they were allowed to go to.  Everyone else BUT that group was NOT prompted to enter a user name and password to access the Sonicwall - they just had a different policy and were allowed access to the normal sites minus the obvious categories.  I've called Sonicwall and they try to tell me that it's not possible - even though it obviously is because I had it running like this for a year.  When I set it up last year, I found the solution by spending hours on Google and here reading what people were saying.

I have already set it so those 10 computers get prompted for a password.  I know I have to make the default policy for the network the most restrictive and then allow sites for each group.. I just can't figure out how to tell the Sonicwall to make everything BUT those 10 computers have a different policy.
jlwcci

So assuming you have all the content filtering set up already, you go to the Groups tab and assign the policy you want to the group that has all those other people. So you'd have to have one group with those 10 people and one group with everyone else. Click on the group and go to the CFS policy tab and select the policy you want to assign to that group.
The default policy is applied on the zones tab, that applies to everyone, then you do the others in the groups individually.
zer0zer0

ASKER

Still confused..


Here are my 3 policies -
Default - This is on the Zone.  It has EVERYTHING blocked.  100% restricted.
Restrictive - This is on the group of 10 computers.  Only 1 category is unblocked with a few custom approved sites.
Normal - This is for the remaining 100 computers on the network.  Only a few categories are blocked such as Porn/Hacking/Weapons/Social Networking.

I have Restrictive assigned to the group that it needs to be on, but now how do I say EVERYONE ELSE gets the "Normal" policy?  Only those 10 computers have to log in, everyone else does not since.. I assume they are not affected by a group.
You'd have to create a group (if you don't have one already) for "everyone else" and assign that group to your "normal" policy.

How do I assign everyone else to a group without making them log in?

If you don't want them to be forced to log in you'll have to use the SSO, you need to download that from the mysonicwall site, install on a server and configure it and the firewall to use it. That makes it so the Sonicwall finds out who is going to the internet based on the IP address, username and group membership.
The problem you'll run into is if you have laptop users that are not part of the domain, they won't be identified since this is working with AD.

Also, if you look in the local groups tab there's a "content filtering bypass" group. You can try adding this group with "everyone else" into that one. I haven't used that one yet, but I think it should work, before you go the route of the SSO which takes some time to set up.

See that's the thing.  I had this working before without using the SSO.  I just can't remember what I did.. It's driving me crazy.  I'm going to check into the filtering bypass group.

Yeah I assumed so, also, if you look at the local groups tab, there's an "Everyone" group, you can assign your Normal policy to that group. That might be the easiest thing.

Sonicwall uses the least restrictive policy.. If I set the policy to that group, my restrictive group picks up this same policy.

Yeah, that kinda sucks. I don't like the way they do that, wish it was the opposite.
ASKER CERTIFIED SOLUTION
zer0zer0