Users and applications can be specified as the matching conditions of security policies to implement access control based on users and applications.
- Allow R&D employees to use the TortoiseSVN application.
- Prohibit R&D employees from accessing search/portal websites during working hours (09:00-17:00).
- Allow marketing employees and HR employees to access search/portal websites and social networks.
- Prohibit all employees from playing games or watching network videos.
According to the preceding requirements, the following security policies are configured:
| No. | Description | Source Zone | Destination Zone | Source Address/User | Destination Address | Application or URL Category | Time Range | Action |
|---|---|---|---|---|---|---|---|---|
| 1 | Allow R&D employees to use the TortoiseSVN application. | trust | dmz | R&D user group | Company's server address | TortoiseSVN | any | Permit |
| 2 | Prohibit R&D employees from accessing search/portal websites during working hours. | trust | untrust | R&D user group | any | Search/Portal websites | worktime (09:00-17:00) | Deny |
| 3 | Allow marketing employees and HR employees to access search/portal websites and social networks. | trust | untrust | Marketing user group, HR user group | any | Search/Portal websites, Social networks | any | Permit |
| 4 | Prohibit all employees from playing games or watching network videos. | trust | untrust | any | any | Game, Streaming media | any | Deny |
| 5 | Deny the traffic that does not match any of the preceding security policy rules. | trust | any | any | any | any | any | Deny |
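
The following sketch is an added example, not vendor configuration or code from this page. It models the five rules in the table as an ordered list and returns the first rule that a flow matches. Assumptions: rules are evaluated top-down with the first match winning, the time range is half-open, destination address is not modelled, and the group labels (`rd`, `marketing`, `hr`), the category labels and the `evaluate` function are hypothetical names.

```python
from datetime import time

ANY = None  # the table's "any"

# (no, source zone, destination zone, user groups, app/URL categories, time range, action)
# Transcribed from the table in order; destination address is not modelled.
# Group and category labels are names chosen for this sketch.
RULES = [
    (1, "trust", "dmz", {"rd"}, {"TortoiseSVN"}, ANY, "permit"),
    (2, "trust", "untrust", {"rd"}, {"search_portal"}, (time(9), time(17)), "deny"),
    (3, "trust", "untrust", {"marketing", "hr"}, {"search_portal", "social"}, ANY, "permit"),
    (4, "trust", "untrust", ANY, {"game", "streaming"}, ANY, "deny"),
    (5, "trust", ANY, ANY, ANY, ANY, "deny"),
]


def _in(value, allowed):
    """A condition matches when it is 'any' or contains the value."""
    return allowed is ANY or value in allowed


def _in_window(now, window):
    # Assumption: the time range is half-open, start <= now < end.
    return window is ANY or window[0] <= now < window[1]


def evaluate(src_zone, dst_zone, group, app, now, rules=RULES):
    """Return (rule number, action) of the first rule whose conditions all match."""
    for no, sz, dz, groups, apps, window, action in rules:
        if (src_zone == sz and (dz is ANY or dst_zone == dz)
                and _in(group, groups) and _in(app, apps)
                and _in_window(now, window)):
            return no, action
    return None, "deny"  # assumption: traffic matching no rule is dropped


if __name__ == "__main__":
    # Constructed sample flows: (source zone, destination zone, group, app, time)
    samples = [
        ("trust", "dmz", "rd", "TortoiseSVN", time(10)),
        ("trust", "untrust", "rd", "search_portal", time(10)),
        ("trust", "untrust", "rd", "search_portal", time(18)),
        ("trust", "untrust", "marketing", "social", time(10)),
        ("trust", "untrust", "hr", "game", time(10)),
    ]
    for flow in samples:
        print(flow, "->", evaluate(*flow))
```

In this model, an R&D request to a search/portal site at 18:00 skips rule 2 because the time range no longer matches, finds no permit rule for the R&D group, and is denied by rule 5.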