Time
1 hour 35 minutes
Difficulty
Beginner

Video Description

In this video, you will learn how to create schedules that restrict internet access based on time and user account info, allowing you more control over what content users can access and how much bandwidth is used. This example involves a full-time employee with unlimited access, a part-time employee with limited access, and a restriction on mobile devices. Visit Fortinet's documentation library at http://docs.fortinet.com

Video Transcription

00:00
In this video, you will learn how to create schedules that restrict Internet access based on time and user account info, allowing you more control over what content users can access and how much bandwidth is used.
00:13
This example involves a full time employee with unlimited access, a part time employee with limited access and a restriction on smartphones but not tablets.
00:28
First, go to user and device user definitions to create two users, each with a user name
00:36
and a password.
00:50
Then go to the user groups list
00:53
and create a full time group,
00:57
adding the first user you created
01:00
and a part time group with the second user that you created.
01:11
Next, go to Policy and Objects schedules
01:17
to create a schedule to represent part time users.
01:21
Set the type to recurring and set the days and hours. You want part time users to be able to access the Internet
01:33
and now go to user and device device groups and create a new group that will include the various types of smartphones as members
01:53
go to the policy of this to create the three policies that will govern full time, part time and mobile users
02:01
for the full time policy. Set the incoming interface to the local interface
02:07
source users to the full time group. Outgoing interface to your Internet facing interface and set the schedule toe. Always
02:15
configure the rest as normal
02:22
and enabled that
02:23
scroll down to the logging options. Enable log allowed traffic and select all sessions to log old full time user traffic.
02:34
Next, create the part time policy. Set the incoming interface toe local the source users to the part time group
02:42
outgoing interface to the Internet
02:45
and set the schedule to part time.
02:51
Enable that and log all sessions
02:57
on the policy list. Right. Click the title row and add i d to the list of visible columns and select Apply
03:04
no down the I d for the part time policy that you created.
03:09
Go to system dashboard status and open the CLI console.
03:15
Enter the following commands to ensure that part time access will be revoked from existing sessions on off scheduled times and days.
03:23
Config. Firewall policy.
03:27
Edit the I D number
03:30
set schedule hyphen timeout enable
03:34
and
03:36
lastly returned to the policy list and create a policy that denies all mobile traffic.
03:42
Set the incoming interface to the local interface
03:46
source device to your mobile device group.
03:51
Outgoing interface to your Internet Facing interface and set the action to deny
03:59
make sure log violation traffic is enabled
04:05
back on the policy list. Move this policy to the top so it will take effect. First,
04:17
browse the Internet using a computer on the local network. You will be prompted to enter authentication credentials.
04:26
Log in using the full time account.
04:33
You will then be able to access the Internet at any time
04:39
in the Ford A Gate interface, go to user and device monitor firewall.
04:44
Select the full time user and D authenticate them.
04:48
Attempt to browse the Internet again and log in using the part time account.
04:57
If you are outside the part time schedule, you will be unable to access the Internet.
05:02
All attempts to connect to the Internet using a mobile phone will be denied.
05:10
Thank you for watching. If you need for their details. You can visit docks dot fortunate dot com at any time to access our complete documentation library

Up Next