Allow POP, SMTP, Anydesk (6568)... traffic without user login
Se_Srikanth001
I want to implement a group of users who can browse the internet (say internet_group).
Only those who have internet_group credentials can authenticate and browse the internet.
The rest of the people need not do user authentication and should still be able to access POP and SMTP services (using Outlook), get/give support through AnyDesk, TeamViewer etc.
How do I implement this? Any guide/cookbook?
Btw, I am using a TZ270.
Category: Entry Level Firewalls
Answers
You should follow the rules below step by step:
1) Create 2 address groups for the WEBPERMIT and POP-SMTP-PERMIT groups.
2) Enable the DPI-SSL service and load the certificate onto all user PCs.
3) Create a POP-SMTP-PERMIT-CFS rule for the POP-SMTP-PERMIT user group and block everything.
4) Create a WEBPERMIT-CFS rule, assign it to WEBPERMIT and put it on top of the POP-SMTP-PERMIT-CFS rule.
5) Create an application rule for the Remote access software group for only the POP-SMTP-PERMIT user group.
6) Create an access rule for smtp-pop-http-https services for the POP-SMTP-PERMIT user group and assign the POP-SMTP-PERMIT user group.
7) Disable the any-to-any rule, create an http, https service rule for other users, assign it to everyone and put it below the POP-SMTP-PERMIT access rule.
In my opinion this scenario will work. If it doesn't work, you should create a Firewall App Rule for HTTP/S and Remote Access applications and assign it to the groups.
Thank you mitatonge, I will try and update.