Overview
When there is a requirement to create a traffic rule for denying access between a specific user group and Network interface, Kerio Control needs a certain configuration change.
This article provides information on how to configure Traffic rules, Users, and Groups for such a scenario.
Solution
- Configure a separate group and include the necessary users as members.
- Modify Users' configuration -> Addresses tab -> Specific MAC addresses of the user devices.
- Create a dedicated Traffic Rule to deny access for the necessary group.
Source: <Group_name>
Destination: <Interface_Name>, firewall (depending on the environment)
Service: Any
Action: Deny with Log packets accounting
Testing
Try to ping the interface in question from the user's PC that requires limited access. The network connection will be refused for the specified user group. The Filter logs will report the Deny actions.
DENY "Deny group access" packet from KerioControl, proto:UDP, len:70, 10.10.20.12:63228 -> 10.10.20.1:53, udplen:42