Apply Firewall Rule to individual accounts in User-Based mode

In User-Based mode, LAN clients are required to log in to access the Internet. In this note, we will demonstrate how to use User Management and set different policies for different user accounts. For example, rules can be set that all the employees cannot go to facebook, except for the users logging in with HR accounts. Besides, the server should be able to access the internet without restrictions.

1. Set a firewall filter that allows packets from the server IP to pass: Go to Firewall >> Filter Setup >> Set 2, click an available rule.

1. Tick Check to enable the Filter Rule.
2. Enter a Comment for identification
3. Set Direction to "LAN/DMZ/RT/VPN -> WAN".
4. Click Edit to set Source IP to the IP of the server.
   1. Select Address Type as Single Address.
   2. Enter the Server IP to Start IP Address.
   3. Click OK to save.
5. Select Filter to "Pass Immediately".
6. Click OK to save.

NOTE: If tick Check to Enable the Filter Rule makes this rule an Active Rule, that means all the packet will check if it matches the rule first. But with this IP configuration, only the packets from the IP address of the server will match. Packets that don't match the IP address will need user authentication to be passed to the Internet.

2. Set a firewall rule to block access to Facebook: Go to Firewall >> Filter Setup >> Set 2, click an available rule.

1. Do NOT tick Check to Enable the Filter Rule. Leaving this rule inactive will make it a policy choice for user accounts.
2. Enter Comments.
3. b. For Filter, select "Pass Immediately".
4. Select URL Content Filter, Web Content Filter, and DNS Filter we created for blocking facebook.
5. Click OK to save the rule.

3. Create a user account for the employees: Go to User Management >> User Profile page, click an available profile to add an account.

1. Tick Enable this account.
2. Enter the Username, Password, and Confirm Password.
3. Set Policy as the firewall rule for blocking facebook, which created in the previous step.
4. Click OK to save.

4. Create a user account for HR: Go to User Management >> User Profile, click an available index to add an account.

1. Enable this account.
2. Enter the Username, Password, and Confirm Password.
3. Set Policy as "Default".
4. Click OK to save.

Finally, LAN clients will have to log in when they try to access the internet. If they log in with the employee account, they will not be able to access facebook. There will be a message that shows the page was blocked by URL Content Filter.

 When login with the HR account, facebook works fine.