App Rule setup to Allow Certain User Groups to Different Multimedia Applications

Using app rules, this article describes a common scenario where certain user groups are allowed multimedia content while other user groups are not. For example we want to block multimedia for all users and allow Netflix for User Group 1, Hulu for User Group 2 and Pandora for User Group 3 etc..

Step 1: We'll need the following match objects created. Log into the SonicWall firewall and select Firewall | Match Objects.

• App Rule 1: Name: Block All Multimedia except Allowed, Policy type – App Control Content, Included Match Object: Match Object 1, Excluded Match Object: Match Object 2, action: Reset/Drop
• App Rule 2: Name: Allow Netflix: Policy type – App Control Content, Included Match Object: Match Object 3, Excluded User: User Group 1, action: Reset/Drop
• App Rule 3: Name: Allow Hulu: Policy type – App Control Content, Included Match Object: Match Object 4, Excluded User: User Group 2, action: Reset/Drop
• App Rule 4: Name: Allow Pandora: Policy type – App Control Content, Included Match Object: Match Object 5, Excluded User: User Group 3, action: Reset/Drop

Expected Behavior:

Users in User Group 1 are allowed access to Netflix and blocked access to all other Multimedia Applications.
Users in User Group 2 are allowed access to Hulu and blocked access to all other Multimedia Applications.
Users in User Group 3 are allowed access to Pandora and blocked access to all other Multimedia Applications
All users not belonging to User Group 1, 2 and 3 will be denied access to Multimedia Applications as per Rule 1.

For users who are not allowed to go to multimedia content we see log entries in the SonicWall blocking the DNS query: