LOGBOOK

HELP

Quiz Entry - updated: 2026.07.05

Suppose ordinary staff are blocked from a site (say a weather site) but executives are allowed. How does a firewall combine URL filtering with user/group identity so the same URL is treated differently per person?

Add a Source User filter to the Security Rule — the rule only fires for users in that group.

The rule logic:

  • Rule 1: source=inside, user=Normalbürger-group, dest=outside, url-category=block-weather, action=deny
  • Rule 2 (default below): source=inside, user=any, dest=outside, action=allow
  • C-level user is not in Normalbürger-group → Rule 1 misses → falls through to allow.

Why this matters:

  • Same domain, different access — based on identity, not network location.
  • Common real-world need: marketing can use Facebook (their job), engineering cannot.
  • Auditing: logs now say "user X tried Y," not just "IP a.b.c.d tried Y."

Prerequisite: User-ID must be active on the zone, and the FW must know who's behind each IP — this is what Captive Portal / AD agent / GlobalProtect is for.

Tip: Without User-ID, every rule is IP-based — terrible for laptops on DHCP. With User-ID, rules become "who can do what."

Go deeper:

From Quiz: INTROL / Firewall Advanced Lab (Lab 6) | Updated: Jul 05, 2026