How to configure the behavior policy on Ruijie EG?
Applied scenariosIf all user traffic must go through the EG, so we can take some control policy on EG to control the behavior of users, like access some websites or APPs. Ruijie EG allows to customize block time range and select specified users group for the control policy. Here is the typical topology.
data/attachment/forum/202205/23/152443n1oghpnzyg07n0yg.png
Configuration
Step1: Enter the advanced settings and add one behavior policy to block APPs and Websites.
data/attachment/forum/202205/23/152503durbh02ugr29ggc6.png
Step 2: Click ‘Add Behavior Policy’ and input the policy name.
data/attachment/forum/202205/23/152513wc5szzmeq7zmntsr.png
Step 3: Click ‘App’ and ‘Website’ in the top left of this page, then click ‘+’ button and ‘click to select’ the APPs and websites to be blocked in this policy.
data/attachment/forum/202205/23/152553kv5ov6m10va5g2ml.png
data/attachment/forum/202205/23/152601rdppmf1xay1d8yy1.png
Step 4: Select ‘App’ in left of this page, then input a name for this APP group, which including APPs you have selected.
data/attachment/forum/202205/23/152614n86djm96dj0zm0xj.png
Step 5: Select ‘Action’ as ‘Deny and Audit’, it means these APPs (websites) will be blocked and the blocked history to those APPs (websites) will be recorded on EG.
data/attachment/forum/202205/23/152633y27p6ck7l3ueu3bl.png
Step 6: Select the ‘Active Time’, it indicates the time when this policy take effect.
data/attachment/forum/202205/23/152649nnzb1ri9owv267dx.png
Note:
There are two methods to configure the time range, the first one is select the existing time group, the second was customize the time range.
data/attachment/forum/202205/23/152702sq9w1qq8qb1q1xqq.png
Click ‘Add object’, then input the object name and customize the time range, show as the picture.
data/attachment/forum/202205/23/152718xjvy77z26cme6zen.png
Step 7: This picture shows the details of this policy after all settings finished, including the website group, Action and active time which we already selected.
data/attachment/forum/202205/23/152728ww667d8771pkkik7.png
Step 8: Select the user objects (Son) for which the policy takes effect.
data/attachment/forum/202205/23/152741krz3fvufugoh0u2f.png
Note:
The user need to be created in the local user group before select. It supports to bind specified IP range or mac address for user.
Verification
After all configuration has been done, the users to be blocked won’t be able to access those websites, shown in the following picture.
data/attachment/forum/202205/23/152752w3iriirp1ddii1lf.png
Pages:
[1]