Allow POP, SMTP, Anydesk (6568)... traffic without user login
Se_Srikanth001 Newbie ✭
edited December 2022 in Entry Level Firewalls
I want to implement a group of users who can browse the internet (say internet_group).
Only those who have internet_group credentials can authenticate and browse the internet.
The rest of the people need not do user authentication and should still be able to access POP and SMTP services (using Outlook), and get/give support through AnyDesk, TeamViewer, etc.
How do I implement this? Any guide/cookbook?
Btw, I am using TZ270
You should follow the rules below step by step:
1) Create 2 address groups for the WEBPERMIT and POP-SMTP-PERMIT groups.
2) Enable the DPI-SSL service and load the certificate onto all user PCs.
2) Create a POP-SMTP-PERMIT-CFS rule for the POP-SMTP-PERMIT user group and block everything.
3) Create a WEBPERMIT-CFS rule, assign it to WEBPERMIT, and put it above the POP-SMTP-PERMIT-CFS rule.
4) Create an application rule for the Remote access software group for only the POP-SMTP-PERMIT user group.
5) Create an access rule for smtp-pop-http-https services for the POP-SMTP-PERMIT user group and assign the POP-SMTP-PERMIT user group.
6) Disable the any-to-any rule, create an http, https service rule for other users, assign it to everyone, and put it below the POP-SMTP-PERMIT access rule.
In my opinion this scenario will work. If it doesn't work, you should create a Firewall App Rule for HTTP/S and Remote Access applications and assign it to the groups.
Thank you mitatonge, I will try and update.