Example: User-specific engine Access rules
An example of using access control by user to define Engine Access rules that only apply to specific users.
Company C has an existing Microsoft Active Directory server that it uses for user accounts in its Windows domain. Users are divided into groups according to the department they work in. The administrators have already integrated the Active Directory user database with the SMC to be able to view and manage Users in the Management Client.
There is already an Access rule that blocks access to a video sharing site. However, the marketing team needs to be able to publish videos for its new marketing campaign on the site. The administrators want to allow users in the marketing group to access the site, but do not want to require user authentication.
Because the video sharing site has multiple servers with different IP addresses, the administrators decide to use a Domain Name element. This element dynamically resolves the IP addresses of servers in the video sharing site’s Internet Domain.
- Integrate a Forcepoint User ID Service server with Secure SD-WAN.
- Add the following Access rule before the rule that blocks access to the video sharing site:
Table 1. User-Specific Access Rule

| Source | Destination | Service | Action |
|---|---|---|---|
| Marketing user group | Domain Name element that represents the video sharing site | HTTP, HTTPS | Allow |

- Install the policy on the engine.
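
The following is an added example, not Forcepoint code and not part of the original page: a simplified Python model of why the Allow rule is placed before the blocking rule and how a user-specific rule matches without authentication. It assumes top-down, first-match evaluation; the addresses, user names, rule names, the unrestricted service of the blocking rule, and the default discard are constructed for the illustration.

```python
# Constructed sample data (documentation address ranges, hypothetical names).
SITE_IPS = {"203.0.113.10", "203.0.113.11"}            # IPs the Domain Name element resolved to
IP_TO_USER = {"10.1.0.5": "alice", "10.1.0.9": "bob"}  # IP-to-user mappings from the User ID Service
GROUPS = {"Marketing": {"alice"}}                      # group membership from Active Directory

ALLOW_MARKETING = {"name": "allow-marketing-video", "group": "Marketing",
                   "dst": SITE_IPS, "ports": {80, 443}, "action": "allow"}
BLOCK_SITE = {"name": "block-video", "group": None,    # applies to every source
              "dst": SITE_IPS, "ports": None, "action": "discard"}


def matches(rule, src_ip, dst_ip, port):
    """Return True if the connection matches every cell of the rule."""
    if dst_ip not in rule["dst"]:
        return False
    if rule["ports"] is not None and port not in rule["ports"]:
        return False
    if rule["group"] is not None:
        # No IP-to-user mapping means a user-specific rule cannot match.
        user = IP_TO_USER.get(src_ip)
        if user is None or user not in GROUPS[rule["group"]]:
            return False
    return True


def evaluate(policy, src_ip, dst_ip, port):
    """Return (action, rule name) of the first matching rule, read top-down."""
    for rule in policy:
        if matches(rule, src_ip, dst_ip, port):
            return rule["action"], rule["name"]
    return "discard", "default"  # assumption: unmatched traffic is discarded


POLICY = [ALLOW_MARKETING, BLOCK_SITE]      # order described on this page
MISORDERED = [BLOCK_SITE, ALLOW_MARKETING]  # Allow rule placed after the blocking rule

if __name__ == "__main__":
    for src in ("10.1.0.5", "10.1.0.9", "10.1.0.77"):  # marketing, other user, unmapped IP
        print(src, evaluate(POLICY, src, "203.0.113.10", 443))
    print("misordered:", evaluate(MISORDERED, "10.1.0.5", "203.0.113.10", 443))
```

In this model a source IP with no user mapping falls through to the blocking rule, so stale or missing mappings fail closed for the marketing exception.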