App Rule setup to Allow Certain User Groups to Different Multimedia Applications
03/26/2020
This article uses app rules to handle a common scenario in which certain user groups are allowed multimedia content while other user groups are not. For example, we want to block multimedia for all users and allow Netflix for User Group 1, Hulu for User Group 2, Pandora for User Group 3, and so on.
Step 1: We'll need the following match objects created. Log into the SonicWall firewall and select Firewall | Match Objects.
- Match Object 1: Name: Multimedia Block – A list of Multimedia applications (including Netflix, Hulu and Pandora)
- Match Object 2: Name: Multimedia Exclusion – A list of all Applications that we want excluded for specific user groups (Netflix, Pandora, Hulu, etc.)
- Match Object 3: Name: Netflix Allowed – Netflix Application
- Match Object 4: Name: Hulu Allowed – Hulu Application
- Match Object 5: Name: Pandora Allowed – Pandora Application
Step 2: Next, we'll create the app rules under Firewall | App Rules.
- App Rule 1: Name: Block All Multimedia except Allowed, Policy type – App Control Content, Included Match Object: Match Object 1, Excluded Match Object: Match Object 2, Action: Reset/Drop
- App Rule 2: Name: Allow Netflix, Policy type – App Control Content, Included Match Object: Match Object 3, Excluded User: User Group 1, Action: Reset/Drop
- App Rule 3: Name: Allow Hulu, Policy type – App Control Content, Included Match Object: Match Object 4, Excluded User: User Group 2, Action: Reset/Drop
- App Rule 4: Name: Allow Pandora, Policy type – App Control Content, Included Match Object: Match Object 5, Excluded User: User Group 3, Action: Reset/Drop
Although App Rules 2 to 4 are named "Allow", each one uses the Reset/Drop action and exempts only its excluded user group, so the result is:
Users in User Group 1 are allowed access to Netflix and blocked access to all other Multimedia Applications.
Users in User Group 2 are allowed access to Hulu and blocked access to all other Multimedia Applications.
Users in User Group 3 are allowed access to Pandora and blocked access to all other Multimedia Applications.
All users not belonging to User Group 1, 2 and 3 will be denied access to Multimedia Applications as per Rule 1.
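The following added example (not SonicWall code and not part of the original article) models the four app rules in Python so the resulting access matrix can be checked before the policy is deployed. The evaluation logic is an assumed simplification of how included/excluded match objects and excluded users combine, and "YouTube" is a constructed stand-in for any other multimedia application.

```python
# Simplified model of the four app rules above; not SonicWall code.
# Assumption: a rule fires (Reset/Drop) when the app is in its included match object,
# not in its excluded match object, and the user is not in its excluded user group.
from dataclasses import dataclass
from typing import Optional

MATCH_OBJECTS = {
    # "YouTube" is a constructed stand-in for any other multimedia application.
    "Multimedia Block": {"Netflix", "Hulu", "Pandora", "YouTube"},
    "Multimedia Exclusion": {"Netflix", "Hulu", "Pandora"},
    "Netflix Allowed": {"Netflix"},
    "Hulu Allowed": {"Hulu"},
    "Pandora Allowed": {"Pandora"},
}

@dataclass(frozen=True)
class AppRule:
    name: str
    included: str
    excluded: Optional[str] = None
    excluded_group: Optional[str] = None

    def fires(self, app, groups, objects):
        if app not in objects[self.included]:
            return False
        if self.excluded and app in objects[self.excluded]:
            return False
        return self.excluded_group not in groups

RULES = [
    AppRule("Block All Multimedia except Allowed", "Multimedia Block",
            excluded="Multimedia Exclusion"),
    AppRule("Allow Netflix", "Netflix Allowed", excluded_group="User Group 1"),
    AppRule("Allow Hulu", "Hulu Allowed", excluded_group="User Group 2"),
    AppRule("Allow Pandora", "Pandora Allowed", excluded_group="User Group 3"),
]

def blocking_rules(app, groups, rules=RULES, objects=MATCH_OBJECTS):
    """Names of every rule that would Reset/Drop this app for this user."""
    return [r.name for r in rules if r.fires(app, set(groups), objects)]

def is_allowed(app, groups, **kwargs):
    return not blocking_rules(app, groups, **kwargs)

if __name__ == "__main__":
    apps = sorted(MATCH_OBJECTS["Multimedia Block"])
    for groups in ([], ["User Group 1"], ["User Group 2"], ["User Group 3"]):
        verdicts = {a: "allow" if is_allowed(a, groups) else "block" for a in apps}
        print(groups or ["no group"], verdicts)
```

In this model, passing an `objects` mapping in which Netflix is missing from Multimedia Exclusion makes App Rule 1 block Netflix even for User Group 1, which is the misconfiguration to check for when an application is added to one match object but not the other.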
For users who are not allowed to go to multimedia content, we see log entries on the SonicWall blocking the DNS query:
While users who can view specific multimedia content are allowed: