Example: User-specific firewall Access rules

This example shows how to use access control by user to define Firewall Access rules that apply only to specific users.

Company C has an existing Microsoft Active Directory server that it uses for user accounts in its Windows domain. Users are divided into groups according to the department they work in. The administrators have already integrated the Active Directory user database with the SMC to be able to view and manage Users in the Management Client.

There is already an Access rule that blocks access to a video sharing site. However, the marketing team needs to be able to publish videos for its new marketing campaign on the site. The administrators want to allow users in the marketing group to access the site, but do not want to require user authentication. Instead, the firewall identifies users transparently from the IP-address-to-user mapping that the Forcepoint User ID Service provides. Because the user is inferred from the source IP address, the rule is only as accurate as that mapping: traffic from a host with no known user does not match the marketing rule.

Because the video sharing site uses multiple servers with different IP addresses, the administrators use a Domain Name element. This element dynamically resolves the IP addresses of the servers in the video sharing site's Internet domain, so the rule does not have to be updated when the site's addresses change.

The administrators:
  1. Integrate a Forcepoint User ID Service server with Forcepoint NGFW.
  2. Add the following Access rule before the rule that blocks access to the video sharing site:
    Table 1. User-Specific Access Rule
    Source:       Marketing user group
    Destination:  Domain Name element that represents the video sharing site
    Service:      HTTP, HTTPS
    Action:       Allow
  3. Install the policy on the firewall.
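The procedure above depends on two things that are easy to get wrong: the allow rule must sit above the block rule, because Access rules are matched top-down and the first match decides, and the user in the Source cell is resolved from the source IP address through the User ID Service mapping. The following toy evaluator is an added illustration written for this page, not Forcepoint NGFW code or a Forcepoint API. The rule objects, the resolved addresses of the video sharing site, the IP-to-user mapping and the hostnames are all constructed, hypothetical values, and the existing block rule's action (Discard) is an assumption the page does not state.

```python
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# Constructed stand-in for the Domain Name element: the addresses that the
# video sharing site's domain currently resolves to (hypothetical values).
VIDEO_SITE_ADDRESSES = {"203.0.113.10", "203.0.113.11", "198.51.100.7"}

# Constructed stand-in for the IP-to-user mapping that the User ID Service
# reports to the firewall (hypothetical hosts, users and groups).
USER_ID_MAPPING = {
    "10.0.5.21": ("alice", {"Marketing"}),
    "10.0.6.33": ("bob", {"Engineering"}),
}

# Service elements reduced to TCP destination ports for this toy model.
SERVICE_PORTS = {"HTTP": 80, "HTTPS": 443}


@dataclass
class Rule:
    name: str
    action: str                               # "Allow" or "Discard"
    src_groups: Optional[Set[str]] = None     # None = any source
    dst_addresses: Optional[Set[str]] = None  # None = any destination
    services: Optional[Set[str]] = None       # None = any service


def user_groups_for(src_ip: str) -> Set[str]:
    """Groups of the user currently mapped to src_ip; empty if no user is known."""
    entry = USER_ID_MAPPING.get(src_ip)
    return entry[1] if entry else set()


def rule_matches(rule: Rule, src_ip: str, dst_ip: str, dst_port: int) -> bool:
    # A user-based Source cell matches only if the mapped user is in one of the groups.
    if rule.src_groups is not None and not (rule.src_groups & user_groups_for(src_ip)):
        return False
    if rule.dst_addresses is not None and dst_ip not in rule.dst_addresses:
        return False
    if rule.services is not None and dst_port not in {SERVICE_PORTS[s] for s in rule.services}:
        return False
    return True


def evaluate(policy: List[Rule], src_ip: str, dst_ip: str, dst_port: int) -> Tuple[str, str]:
    """Top-down, first match wins. With no match this toy model returns Discard
    (in a real policy, the rules further down decide that case)."""
    for rule in policy:
        if rule_matches(rule, src_ip, dst_ip, dst_port):
            return rule.name, rule.action
    return "no match", "Discard"


# The rule from Table 1.
ALLOW_MARKETING = Rule(
    name="Marketing to video site", action="Allow",
    src_groups={"Marketing"}, dst_addresses=VIDEO_SITE_ADDRESSES,
    services={"HTTP", "HTTPS"},
)
# The pre-existing block rule; its action is not stated on the page, Discard is assumed.
BLOCK_VIDEO = Rule(
    name="Block video site", action="Discard",
    dst_addresses=VIDEO_SITE_ADDRESSES, services={"HTTP", "HTTPS"},
)

CORRECT_ORDER = [ALLOW_MARKETING, BLOCK_VIDEO]  # as in step 2: allow rule first
WRONG_ORDER = [BLOCK_VIDEO, ALLOW_MARKETING]    # allow rule placed after the block rule

if __name__ == "__main__":
    for label, policy in (("correct order", CORRECT_ORDER), ("wrong order", WRONG_ORDER)):
        print(label, evaluate(policy, "10.0.5.21", "203.0.113.11", 443))
    print("engineering user", evaluate(CORRECT_ORDER, "10.0.6.33", "203.0.113.11", 443))
    print("unmapped host   ", evaluate(CORRECT_ORDER, "10.0.7.99", "203.0.113.11", 443))
```

Running the block shows that the marketing user is allowed only when the allow rule precedes the block rule, that a user outside the group and a host with no User ID Service mapping both fall through to the block rule, and that any address the Domain Name element resolves to is covered without listing addresses in the rule.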