I assume that unrestricted access means access to social media, P2P, etc. If that is true, there are many ways to achieve this.
The common and simple way is described below (experienced users can provide a more feasible option, though).
1. Create a new web filtering profile with a name something like "Excluded users_WF".
   a. Block "Security Risk Category".
2. Create a new Application control with a name something like "Excluded users_AC".
   a. Create a new application sensor to block "Botnet".
3. In the same way, you can create security profiles with less restriction for other UTM features like DLP, Email, etc.
4. Create the IP address of the particular machine in the address object.
5. If you want to add multiple machines, you can create a group and add those IPs into it (i.e., Excluded user group).
6. Create a new firewall policy on top of the current internet policy and configure it as below.
   a. Source interface - LAN
   b. Source address - Excluded user group
   c. Destination interface - WAN1 / WAN2 (or virtual WAN link)
   d. Destination address - any
   e. Service - all
   f. NAT - enable
   UTM:
   a. Antivirus - default
   b. Web filtering - Excluded users_WF
   c. Application control - Excluded users_AC
   d. SSL deep scan - enable
   (If you don't want to use the other UTM features, disable them.)
7 Try to surf from the particular machine, and see whether the user is able to access the restricted sites .
Nihas
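Step 6 depends on firewall policies being evaluated top-down with the first match winning. The sketch below is an added example, not part of the original post and not FortiOS code: it models that ordering to confirm that only the excluded machines reach the relaxed profiles and to flag an exception policy that has ended up below the general one. The IP addresses and the "Internet_Default" policy name are constructed assumptions, and only source interface and source address are compared, since both policies in the post use destination "any" and service "all".

```python
import ipaddress

# Constructed sample data: profile names follow the post; the addresses and
# the "Internet_Default" policy are assumptions for illustration.
EXCLUDED_GROUP = ["192.168.1.50/32", "192.168.1.51/32"]
POLICIES = [  # listed top-down, as in the policy table
    {"name": "Excluded_users", "srcintf": "LAN", "src": EXCLUDED_GROUP,
     "webfilter": "Excluded users_WF", "appctrl": "Excluded users_AC"},
    {"name": "Internet_Default", "srcintf": "LAN", "src": ["0.0.0.0/0"],
     "webfilter": "default", "appctrl": "default"},
]


def _nets(policy):
    """Source addresses of a policy as ip_network objects."""
    return [ipaddress.ip_network(s) for s in policy["src"]]


def first_match(policies, srcintf, src_ip):
    """Return the first policy (top-down) matching interface and source IP."""
    ip = ipaddress.ip_address(src_ip)
    for p in policies:
        if p["srcintf"] == srcintf and any(ip in n for n in _nets(p)):
            return p
    return None  # nothing matched: traffic falls to the implicit deny


def shadowed(policies):
    """Names of policies that can never match because an earlier policy on
    the same source interface already covers all of their sources."""
    hidden = []
    for i, p in enumerate(policies):
        for earlier in policies[:i]:
            covered = all(any(n.subnet_of(e) for e in _nets(earlier))
                          for n in _nets(p))
            if earlier["srcintf"] == p["srcintf"] and covered:
                hidden.append(p["name"])
                break
    return hidden


if __name__ == "__main__":
    for host in ("192.168.1.50", "192.168.1.77"):
        print(host, "->", first_match(POLICIES, "LAN", host)["name"])
    print("shadowed:", shadowed(POLICIES))
    print("shadowed if reordered:", shadowed(POLICIES[::-1]))
```

Run against an exported policy list, a non-empty `shadowed()` result means the exception policy is not on top and the excluded machines are still being handled by the restrictive policy.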