Security group exclusion from an access control policy

Ali Ammar0 Lv1 Posted 2022-Nov-18 18:33

Hi there. I raised a question some days ago and I can't find my answer. Let me clarify my question again. In my scenario, I integrated IAM with Active Directory, created access control policies for web access management, and then linked the policies with security groups created in Active Directory. I am creating a block internet policy for users who are not members of any security group. By default, IAM allows all web traffic for a user who is not a member of any security group. So I decided to create a block rule at the bottom and exclude the above security groups, which are already linked with policies. By doing this, random users will be blocked.
The problem I am facing is how to exclude a user or a security group while creating a policy.

CTI_JianJie has solved this question and earned 10 coins.


As mentioned in the previous thread, it should work if the allow and deny policies are configured top-down.
If it is not working as expected, please try to get help from a Sangfor engineer via email at tech.support@sangfor.com.
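
The top-down ordering that the replies describe, modeled as an added example (not part of the thread, and not Sangfor IAM's own logic). It assumes first-match evaluation; the policy names, groups and users are constructed. With the catch-all block in the last row, users outside every linked group are denied without any exclusion list, and `shadowed` flags rows that a misplaced catch-all makes unreachable.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    name: str
    groups: frozenset  # linked AD security groups; empty set = applies to everyone
    action: str        # "allow" or "deny"

def evaluate(policies, user_groups):
    """Return (policy name, action) of the first row, top to bottom, that applies."""
    for p in policies:
        if not p.groups or p.groups & user_groups:
            return p.name, p.action
    # No row matched: the default the question describes (all web traffic allowed)
    return "default", "allow"

def audit(policies, directory):
    """Map each user to the policy and action that decides their traffic."""
    return {u: evaluate(policies, frozenset(g)) for u, g in directory.items()}

def shadowed(policies):
    """Names of rows that can never decide traffic because earlier rows cover them."""
    seen, catch_all, out = set(), False, []
    for p in policies:
        if catch_all or (p.groups and p.groups <= seen):
            out.append(p.name)
        catch_all = catch_all or not p.groups
        seen |= p.groups
    return out

# Constructed policy table: group-linked allows on top, catch-all block last
POLICIES = [
    Policy("staff-web", frozenset({"SG-Staff"}), "allow"),
    Policy("finance-web", frozenset({"SG-Finance"}), "allow"),
    Policy("block-internet", frozenset(), "deny"),
]
# The same rows with the catch-all wrongly placed first
MISORDERED = [POLICIES[-1]] + POLICIES[:-1]

DIRECTORY = {  # constructed users and their group memberships
    "alice": ["SG-Staff"],
    "bob": ["SG-Finance", "SG-Staff"],
    "guest01": [],
    "temp02": ["Domain Users"],
}

if __name__ == "__main__":
    for user, (name, action) in audit(POLICIES, DIRECTORY).items():
        print(f"{user:8} -> {action:5} via {name}")
    print("unreachable when misordered:", shadowed(MISORDERED))
```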
Faisal P Posted 2022-Nov-27 23:30
  
Step 1. Open the Group Policy Object that you want to apply an exception to, then click on the “Delegation” tab and then click on the “Advanced” button.
Step 2. Click on the “Add” button and select the group (recommended) that you want to exclude from having this policy.
Farina Ahmed Lv5 Posted 2022-Nov-22 14:18
  
Create a policy with Implicit deny.
arjay Lv3 Posted 2022-Nov-22 12:20

Just some advice: list all the allowed/blocked sites and which users are allowed or denied access to those specific sites. From there, you can create a definite policy.
Imran Tahir Lv4 Posted 2022-Nov-21 13:00
  
Check the policy
kmrnliaqat Lv3 Posted 2022-Nov-21 12:33

Check the policy and its order.
Fuji12 Lv3 Posted 2022-Nov-21 11:16

Allow policies should be at the top of the policies, then the block will follow.
LucyHeart Lv3 Posted 2022-Nov-21 11:06

The AD should be integrated with the IAM, then the policy comes.
Arleng Lv2 Posted 2022-Nov-21 11:06

Check your policies with appropriate priorities.
Pat Lv4 Posted 2022-Nov-21 10:54

There are many policies which you could utilize; for example, you can select some users from AD to allow YouTube or email, or you can deny all.