Filtering
Rules:
1.
The global (default) filtering profile applies to any user who does
not belong to a master IP group.
2. If the minimum filtering level is defined, it applies to all
master IP groups and members assigned filtering profiles. The minimum
filtering level combines with the user’s profile to guarantee
that categories blocked in the minimum
filtering level are blocked in the user’s profile.
3. For master IP group members:
a)
A master IP group filtering profile takes precedence over the
global profile.
b) A master IP group time profile takes precedence over the master
IP group profile.
4.
For IP sub-group members:
a)
An IP sub-group filtering profile takes precedence over the master
IP group’s time profile.
b) An IP sub-group time profile takes precedence over the IP sub-group
profile.
5.
For individual IP members:
a)
An individual IP member filtering profile takes precedence over
the IP sub-group’s time profile.
b) An individual IP member time profile takes precedence over
the individual IP member profile.
6.
For LDAP users, if a user is authenticated, settings for the user’s
group or individual profile from the LDAP domain are applied and
take precedence over any IP profile.
a)
If the user belongs to more than one group in an authentication
domain, the profile for the user is determined by the order in
which the groups are listed in the Group Priority list set by
the global administrator. The user is assigned the profile for
the group highest in the Group Priority list.
NOTE:
In an LDAP domain, if a user belongs to a container, that profile
takes precedence over the group profile for that user.
b) If a user has an individual profile set up, that profile supercedes
all other profile levels for that user. The user can have only
one individual profile in each domain.
c) A profile for a workstation takes precedence over a user’s
individual profile.
d) If the user has a time profile, that profile takes precedence
over other profiles. A container time profile takes precedence
over a domain time profile, and a group time profile takes precedence
over a container time profile. An individual time profile takes
precedence over a group time profile, and a workstation time profile
takes precedence over an individual time profile.
NOTE:
A Radius profile is another type of authentication profile, and
is used if a Radius accounting server is attached to the Web Filter.
This authentication profile bears the same weight as an LDAP authentication
profile in the precedence hierarchy.
7.
A Threat Analysis Reporter (TAR) profile is a type of lockout profile.
The TAR low level lockout profile takes precedence over an authentication
profile or a time profile profile, locking out the end user from
library categories specified by the lockout profile in the TAR module.
8. An
override account profile
takes precedence over a TAR lockout profile. This account may override
the minimum filtering level—if the override account was set
up in the master IP Policy tree, and the global administrator allows
override accounts to bypass the minimum filtering level, or if the
override account was set up in the Global Group section of the Policy
tree.
9. An X Strikes lockout profile takes precedence over all filtering
profiles. This profile is set up under Filter Options, by enabling
the X Strikes Blocking feature.
Related
Topics:
Back
| Top |