How to set the Firewall Rule to individual user when using User Based mode?

 

We will demonstrate how to use User Management and set different policies for different user accounts in this note. With this configuration, LAN clients are required to log in to access the Internet. Administrator can set different policies for different user accounts. For example, rules can be set that all the employees are able to access internet after they log in, but they can not go to facebook with their account, only the user with HR accounts can. Besides, the server should be able to access internet without obstacle.

 

Authentication Require Internet Access
Server
No
No restrictions
HR
Yes
No restrcitions
Employee
Yes
Block social network

 

 

1. Set a firewall filter that allows packets from the sever IP to pass: Go to Firewall >> Filter Setup, click Set 2, click an available rule.

a. Tick Check to enable the Filter Rule.

b. Enter a Comment.

c. Set Direction as LAN/DMZ/RT/VPN -> WAN.

d. Click Edit to set Source IP as the IP of server.

 

a) Select Address Type as Single Address.

b) Enter the Server IP to Start IP Address.

c) Click OK to save.

e. Select Filter as Pass Immediately.

f. Click OK to save.

Note: If tick Check to Enable the Filter Rule makes this rule an Active Rule, that means all the packet will check if it matches the rule first. But with this IP configuration, only the packets from the IP address of server will pass, other packets that does not match the IP address will need user authentication, and the firewall rule applied to correspondent user accounts will then take effect.

 

2. Set a firewall rule to blocks facebook: Go to Firewall >> Filter Setup page, click Set 2, click an available rule.

a. Enter Comments.

b. For Filter, select Pass Immediately.

c. Select URL Content Filter, Web Content Filter and DNS Filter as the filter we set for blocking facebook.

d. Click OK to save the rule.

Note: Do not tick Check to Enable the Filter Rule, this makes this rule an Inactive Rule, so it will be a policy that we can apply to a specific user account.

 

3. Create a user account for the employees: Go to User Management >> User Profile page, click an available profile to add an account.

a. Tick Enable this account.

b. Enter the Username, Password, and Confirm Password.

c. Set Policy as the one for blocking facebook which created in the previous step.

d. Click OK to save.

 

 

4. Create a user account for HR: Go to User Management >> User Profile page, click an available index to add an account.

a. Enable this account.

b. Enter the Username, Password, and Confirm Password.

c. Set Policy as Default.

d. Click OK to save.

 

Finally, LAN clients will have to log in when they try to access internet. If they log in with the employee account, they will not be able to access facebook. There will be a message shows that the page have bee blocked by URL Content Filter.

 

 When log in with the HR account, facebook works fine.

Was this article helpful?
161How to set the Firewall Rule to individual user when using User Based mode? has been viewed------ 161 ------times.