GTNman
New Member
April 23, 2007
Question

Blocking Internet by Usergroup.

Here's the story... two groups of users, one accesses the internet, the other not so much. Currently, I have the groups authenticating via FSAE and the connection between FSAE and my DCs is working just perfect. Firstly, the Authentication redirect page does not work properly. Nothing redirects. Secondly, is there a better way to block all internet access than how I currently have it set up? For the group that will not be allowed to access the internet, the corresponding firewall policy will only allow users to access DNS, thus blocking any other protocol requests. The problem I have with this method is it doesn't notify the users the sites are blocked, it simply won't load. I have tried setting up wildcards and regular expressions to block all websites in Web filter > Content Block but I do not believe I did it properly, as all sites structured as www.something.com are blocked but mail.yahoo.com will get through. Any additional insight on this would be greatly appreciated!


    rwpatterson
    New Member
    April 23, 2007
    Set up Fortiguard web filtering to block all sites. Create a small local group of the sites you want (if any), and then add this to your protection profile (I allow Windows Updates to all users, regardless if denied Internet or not). Add this protection profile to your policy, and then select accept (NOT DENY!!). The Fortiguard will respond that the site has been blocked.
    GTNman
    New Member
    April 23, 2007
    Ah, if only I had a subscription to Fortiguard. I have to do this sans Fortiguard.
    doshbass
    New Member
    April 23, 2007
    Fortigate without Fortiguard is like bread with no jam - functional but not tasty.
    GTNman
    New Member
    April 23, 2007
    Well, no money in the budget for it, so therefore any help with structuring a regular expression to filter it all out would be much appreciated.
    rwpatterson
    New Member
    April 23, 2007
    I'm not sure, but I think the only way to present something to the end user is with Fortiguard services of some extent.
    GTNman
    New Member
    April 30, 2007
    Abel - Thank you very much, this is exactly what I needed... I do not know why I couldn't figure out such a simple regex, needless to say.... thanks.