WebBlocker/Active Directory authentication

WCITWCIT
in Firebox - Subscription Services

Hello, I have set of five Active Directory bound computers designated for students. Their AD accounts are in a container called 'students'. If I setup WebBlocker per this technote: https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/services/webblocker/examples/webblocker_outbound_auth_user_groups_adauth_wsm.html

My question is this...The powers that be do not want any filtering for any other AD group - just the Students. It is as simple as creating the policies, tying it to the AD 'Students' container, and leaving the rest as-is? Would that allow the office users to bypass WebBlocker? Or, do I have to assign every other user to an "allowed" group and create a policy that way. Thanks!

Comments

  • Bruce_BriggsBruce_Briggs

    Have a HTTP & HTTPS proxy policy From: your student AD group To: Any-external, with the desired WB actions
    Have a 2nd HTTP & HTTPS policy From: Any-trusted etc. To: Any-external
    The 2nd set of policies should automatically be below the student policies
    Set up SSO so that the students (and everyone else) get automatically authenticated to the firewall.
    Then students should be controlled by the WB action on their policiy and everyone else should not be.

  • WCITWCIT

    Thanks! Is SSO required to make this work?

  • Bruce_BriggsBruce_Briggs
    Unless you know the IP added of the student devices, then you need for you students to authenticate to the firewall - so that you know that the traffic is from a student.
    SSO allows automatic authentication to your AD
  • WCITWCIT

    What would the method be if I assigned static IPs to the devices? Thanks again...

  • Bruce_BriggsBruce_Briggs
    From: the list of student IP addrs
  • WCITWCIT

    OK, just to be clear, I would use IP instead of AD auth?

  • Bruce_BriggsBruce_Briggs
    Yes, if you know that those will be the only IP addrs used by the students
  • WCITWCIT

    Thanks, Bruce.

Sign In to comment.