Apply Firewall Rule to individual accounts in User-Based mode

In User-Based mode, LAN clients are required to log in before they can access the Internet. This note demonstrates how to use User Management to set different policies for different user accounts. For example, rules can be set so that no employee can reach Facebook, except for users logging in with HR accounts. In addition, the server should be able to access the Internet without restrictions.

| LAN host | Require Authentication | Internet Access |
|----------|------------------------|-----------------|
| server   | No                     | No restrictions |
| HR       | Yes                    | No restrictions |
| Employee | Yes                    | Block Facebook  |

 

1. Set a firewall filter that allows packets from the server IP to pass: Go to Firewall >> Filter Setup >> Set 2, click an available rule.

  1. Tick Check to enable the Filter Rule.
  2. Enter a Comment for identification.
  3. Set Direction to "LAN/DMZ/RT/VPN -> WAN".
  4. Click Edit to set Source IP to the IP of the server.
    1. Select Address Type as Single Address.
    2. Enter the server IP in Start IP Address.
    3. Click OK to save.
  5. Set Filter to "Pass Immediately".
  6. Click OK to save.

NOTE: Ticking Check to enable the Filter Rule makes this rule an Active Rule, which means every packet is checked against this rule first. With this IP configuration, however, only packets from the IP address of the server will match. Packets that don't match the IP address will need user authentication before they are passed to the Internet.

a screenshot of DrayOS Firewall rules

2. Set a firewall rule to block access to Facebook: Go to Firewall >> Filter Setup >> Set 2, click an available rule.

  1. Do NOT tick Check to Enable the Filter Rule. Leaving this rule inactive will make it a policy choice for user accounts.
  2. Enter Comments.
  3. For Filter, select "Pass Immediately".
  4. Select the URL Content Filter, Web Content Filter, and DNS Filter we created for blocking Facebook.
  5. Click OK to save the rule.
another screenshot of DrayOS firewall rule

3. Create a user account for the employees: Go to User Management >> User Profile page, click an available profile to add an account.

  1. Tick Enable this account.
  2. Enter the Username, Password, and Confirm Password.
  3. Set Policy to the firewall rule for blocking Facebook, which was created in the previous step.
  4. Click OK to save.
a screenshot of DrayOS local user profile

4. Create a user account for HR: Go to User Management >> User Profile, click an available index to add an account.

  1. Enable this account.
  2. Enter the Username, Password, and Confirm Password.
  3. Set Policy as "Default".
  4. Click OK to save.
another screenshot of DrayOS local user profile

Finally, LAN clients will have to log in when they try to access the Internet. If they log in with the employee account, they will not be able to access Facebook. A message will show that the page was blocked by URL Content Filter.

a screenshot of a browser failing to open the Facebook page

When they log in with the HR account, Facebook works fine.

a screenshot of a browser opening the Facebook page successfully
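
The evaluation order described in the NOTE and the steps above, as a small model for checking the policy table before touching the router. This is an added example, not DrayOS code: the IP addresses, account names, function names and the domain-suffix matching that stands in for the content filters are all assumptions.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address, ip_address
from typing import Optional

SERVER_IP = ip_address("192.168.1.10")  # constructed sample address

@dataclass(frozen=True)
class FilterRule:
    comment: str
    active: bool                      # "Check to enable the Filter Rule"
    source_ip: Optional[IPv4Address]  # None = any source
    blocked_domains: frozenset        # stand-in for the attached content filters

# Step 1: active rule, matches only the server, passes immediately.
SERVER_RULE = FilterRule("server bypass", True, SERVER_IP, frozenset())
# Step 2: inactive rule, used only as a policy choice for user accounts.
BLOCK_FB = FilterRule("block facebook", False, None, frozenset({"facebook.com"}))

ACTIVE_RULES = [SERVER_RULE]
# Steps 3 and 4: user profiles; None models the "Default" policy.
USER_POLICY = {"employee": BLOCK_FB, "hr": None}

def blocked(rule, host):
    """Assumed matching: exact domain or any subdomain of a blocked domain."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in rule.blocked_domains)

def decide(src_ip, host, user=None):
    """Return 'pass', 'block' or 'login-required' for one outbound request."""
    src = ip_address(src_ip)
    # Active rules are checked first, before any authentication.
    for rule in ACTIVE_RULES:
        if rule.active and rule.source_ip in (None, src):
            return "block" if blocked(rule, host) else "pass"
    # No active rule matched: the client must be logged in.
    if user not in USER_POLICY:
        return "login-required"
    policy = USER_POLICY[user]
    if policy is not None and blocked(policy, host):
        return "block"
    return "pass"
```
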

Published On: 2017-12-12
