Specify a time of day to access enterprise resources, e.g., provide or deny access by deploying a policy during work hours, or on weekdays.
An administrator is tasked to ensure users that are a part of the Student AD Group only have access to the internet during school hours.
One way to accomplish this requirement is to match the source of AD group “students”, use a time-based policy, and set a destination of Any. In this example, a pre-defined security profile that matches and denies web based L7 protocols such as HTTP and SSL is referenced.
To create the policy, navigate to the policy section on the left pane of Cloud Control Center and select Add Policy (figure 1).
Figure 1. Creating a new policy by clicking the Add Policy button.
Give the policy a name and define your source and destination by selecting Add New Source and Add New Destination (figure 2). Unless specified by clicking “Make it a Policy Group” Cloud Control Center will automatically create a policy group with an auto generated name based on the policy name (figure 3). To reference this policy group in different policy it is necessary to custom name the policy group by selecting “Make it a Policy Group” (figure 4).
Figure 2. Add new sources and destinations, and select the option to make it a reusable Policy Group.
Figure 3. Select a source based on a group in Active Directory.
Figure 4. Select Any in the destination to allow or deny all network access.
To create a time-based entry for the policy, select the pre-defined security profile (figure 5), and then under security profile action select Clone or Edit to populate the security rule entries (figure 6).
Figure 5. Select the Security Profile internet-access.
Figure 6. Clone or edit an existing Security Profile.
The resulting policy should look like this:
Figure 6. Select the destination Security Rule of L7 Protocol, HTTP and SSL, and set to Deny.
Select deploy and the policy will be immediately enforced across all edges of the network.
To review or edit the policy select the policy name (figure 7). You can also delete the asset group by selecting the three dots (more options) next to the asset group name.
Figure 7. View a summary of the policy, rules, and assets impacted by this policy.