Hi Team, I have a quick question, I see that under Access policies, specifically policy member definition you can use a Time range. Now the LAB2 there is an specific task where you need to give access to Financial Users for certain amount of time.
Now I see that you define the time range and them assign it to the specific URL category you want and then, you select the logical or if the match criteria fails. My question is, in which cases we will be using time-range for "policy member definition"? By mistake I put it as a matching criteria for this task and all the traffic was being blocked, once I removed, I was obtaining the desired results. Funny part is that, looking at the access logs, when I had that time range as match criteria for Policy member definition, It seemed like it was not even able to find it on the AD... I.E 1371523366.155 34 192.168.22.10 TCP_DENIED/403 0 GET http://www.ft.com/home/us "VPN\finuser1@WSA" NONE/- - BLOCK_WEBCAT_12-DefaultGroup-DefaultGroup-NONE-NONE-NONE-NONE <IW_fnnc,4.9,-,"-",-,-,-,-,"-",-,-,-,"-",-,-,"-","-",-,-,IW_fnnc,-,"-","-","Unknown","Unknown","-","-",0.00,0,-,"-","-"> - Whereas if I remove it: 1371522757.853 245 192.168.22.10 TCP_MISS/301 582 GET http://ft.com/ "VPN\finuser1@WSA" DIRECT/ft.com text/html MONITOR_CONTINUE_WEBCAT_12-FINANCIAL-DefaultGroup-NONE-NONE-NONE-DefaultGroup <IW_fnnc,4.9,0,"-",0,0,0,1,"-",-,-,-,"-",1,-,"-","-",-,-,IW_fnnc,-,"Unknown", "-","Unknown","Unknown","-","-",19.00,0,-,"Unknown","-"> - Thanks in Advanced Mike
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
