In this video, you will learn how to create schedules that restrict Internet access based on time and user account info, allowing you more control over what content users can access and how much bandwidth is used.
This example involves a full time employee with unlimited access, a part time employee with limited access and a restriction on smartphones but not tablets.
First, go to user and device user definitions to create two users, each with a user name
Then go to the user groups list
and create a full time group,
adding the first user you created
and a part time group with the second user that you created.
Next, go to Policy and Objects schedules
to create a schedule to represent part time users.
Set the type to recurring and set the days and hours. You want part time users to be able to access the Internet
and now go to user and device device groups and create a new group that will include the various types of smartphones as members
go to the policy of this to create the three policies that will govern full time, part time and mobile users
for the full time policy. Set the incoming interface to the local interface
source users to the full time group. Outgoing interface to your Internet facing interface and set the schedule toe. Always
configure the rest as normal
scroll down to the logging options. Enable log allowed traffic and select all sessions to log old full time user traffic.
Next, create the part time policy. Set the incoming interface toe local the source users to the part time group
outgoing interface to the Internet
and set the schedule to part time.
Enable that and log all sessions
on the policy list. Right. Click the title row and add i d to the list of visible columns and select Apply
no down the I d for the part time policy that you created.
Go to system dashboard status and open the CLI console.
Enter the following commands to ensure that part time access will be revoked from existing sessions on off scheduled times and days.
Config. Firewall policy.
set schedule hyphen timeout enable
lastly returned to the policy list and create a policy that denies all mobile traffic.
Set the incoming interface to the local interface
source device to your mobile device group.
Outgoing interface to your Internet Facing interface and set the action to deny
make sure log violation traffic is enabled
back on the policy list. Move this policy to the top so it will take effect. First,
browse the Internet using a computer on the local network. You will be prompted to enter authentication credentials.
Log in using the full time account.
You will then be able to access the Internet at any time
in the Ford A Gate interface, go to user and device monitor firewall.
Select the full time user and D authenticate them.
Attempt to browse the Internet again and log in using the part time account.
If you are outside the part time schedule, you will be unable to access the Internet.
All attempts to connect to the Internet using a mobile phone will be denied.
Thank you for watching. If you need for their details. You can visit docks dot fortunate dot com at any time to access our complete documentation library