How to block internet access to computers that are not in my active directory network

AFM92
edited April 2021 in Security
Hi. I have a problem denying access to PCs outside my Active Directory.
I have created a group in AD that is synchronized with the Zyxel USG 210 (I have verified that it detects the users that are within that group), and I want only the users within that group to be able to surf the internet, so that if a computer does not belong to that AD group, it cannot surf the internet.

When I assign the policy with which I surf the internet to the AD group (from the user tab), the internet stops working.

I don't know what part I may be doing wrong.

Greetings and thank you.


All Replies

  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,511  Zyxel Employee

    Hi @AFM92

    Welcome to the Zyxel Community.

    It’s not enough to just apply the user group to the security policy; you also need to enable web authentication on the USG.

    This way, when a user opens a browser, the USG will redirect to the web authentication portal, and the user must log in to get Internet access.


    Enable Web Authentication at “CONFIGURATION > Web Authentication > General”, and create a Web authentication policy


  • AFM92
    edited August 2019

    Thanks for your quick response @Zyxel_Cooldia. Is there a way to do it without enabling web authentication, so that only domain users can access the internet? If this is not possible, is there a way for the Zyxel to remember logged-in users, so that they don't have to authenticate every time each of them gets on their computer and wants to surf the internet?

  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,511  Zyxel Employee

    Hi @AFM92

    You can increase the lease time and reauthentication time on the ad-users object.

    BTW, you can also achieve the same result via Windows GPO. It’s based on AD group policy and does not rely on the gateway side.


    Lease Time and Reauth Time at “CONFIGURATION > Object > User/Group > ad-users”

    How to Block Internet access via GPO

    https://www.youtube.com/watch?v=17ehsIrRQvs
