The enabling process creates three policy groups. Each policy group starts out by containing one filtering policy but more policies can exist within a group. All policies within a group target the same users (i.e. IP addresses or users).
IP-based filtering
IP-based filtering works by applying policies to groups of IP addresses or single IPs.
1.An establishment may have all its IP addresses covered by a single policy. Any user needing different settings would require a user policy to be available to them. 2.An establishment may have two or more separate subnets for different types of users, in which case a separate policy should be created for each subnet to grant different levels of access. 3.An establishment with fixed IP addresses can create specific policy groups for these.
Per-user filtering
It is possible to make policies that are relevant to specific groups or individual users. There are two ways to achieve this, these are USO-based & AD linked filtering.
USO-based per-user filtering
It is possible to create groups of USO users and link them to a specific filtering policies.
Such users will initially access the internet via their computer's IP-based filtering policy. However, when the user gets blocked from accessing a site by the Block Page, they will be able to use the login button found on that page to log in to SchoolProtect with their USO user account. This will give them their per-user policy so that any surfing from that point on will be under their tailored policy and all activity will also be logged under their name.
Active Directory-linked per-user filtering
It is possible to create policies for the security groups found in your Active Directory so that as soon as users log into their computer, they automatically access the internet via a policy intended for them.
Please note: that per-user filtering is NOT possible in establishments running their own firewall with Network Address Translation enabled or in establishments where all traffic is sent through a local proxy.
The block page
When a person gets blocked from accessing HTTP content on the internet they see a block page.
The exception to this is when a user gets blocked from an HTTPS site, no block page can be shown and the user sees the default browser message that the resource can't be reached, however with HTTPS Decryption enabled, users will get a block page when visiting HTTPS websites.
Where USO-based per-user filtering is configured, the user will see a login button on the block page and they may log in with their USO account. This will give them access to their USO-based per-user filtering policy if one has been created for them. If no such policy exists for the user, they will simply see the block page again.
Please note: that accessing a more tailored policy does not mean that the user will automatically get access to the blocked resource. They may well be blocked from that resource by the per-user policy as well.
Additional information on system settings
•Certain settings are defined at the system level and cannot be changed by your establishment. These settings are available to view for your information. •Certain elements available to you are managed at the system level. You may choose to use them if they are of benefit to you. •If you do not enable local filtering control, your establishment will still be filtered by the system policies operating in the background. This is the least flexible option so it is strongly advised that local control is enabled to allow your establishment to customise your filtering settings. |
