Parent Racks & Policy Manager

[GhostyDog]

Hi,

Am I right in thinking that if I create a new Rack and only add one filter say for example the Web Filter and then set the parent rack as the default rack that any traffic that does not match the child racks filters will just be parsed by the parent racks filters and it's settings?

I had the Default Rack with some Web Filter Config and created a new rack to give internet access before and after work and at lunchtime to a subset of users but I also added alll the filters I had in the default rack and configured them the same but gave the new rack no parent rack (this was set up some time ago when I wasn't quite as familiar with untangle).

I've been looking at how to make better use of the policy manager and have now set the default rack with web access fully blocked for every category as the parent rack and created a second partial access rack with the default rack as parent for indivduals who need access to web during work time but don't need to access holiday sites and shopping sites.

Essentially I've ended up with 4 racks

Default Rack - Fairly Locked down from a filtering perspective
Open Web Access Rack - Directors and Senior Management
Partial Web Access Rack - Managers and Staff who require some web access to do their job.
Out of hours Rack - For individuals who do not need web access to do their job.

If I remove things like spam and ad blocker from the Out Of Hours rack will these users still pick up protection from these filters as configured in their parent rack?

Maybe I've made this overly complicated but would be good to get some idea of if I'm on the right track here.

Cheers

GD

[proactivens]

Your on the right track. That looks like a good design.

[GhostyDog]

Your on the right track. That looks like a good design.

Cheers James,

I'm also thinking of what benefits I might gain from daisy chaining some of my vRacks

Sean

[proactivens]

The way most people end up doing it is making a very restrictive default rack and using it as a catch all. If a user or visitor does not fall into one of the policy manager racks, they fall into the default rack and cant do much.

Most setups are like this:
Default - Ultra Restrictive
Rank and file employees - very restrictive depending on company policy
management staff - less restrictive
network and IT admin staff - lite restrictions
Execs (CEO, CTO, CIO, ect) - whatever they want, they write the paychecks lol

[dmorris]

Just a clarification:

If you have 10 different web policies you need 10 different web filters in 10 different racks.
Parent racks if for things that you want the same in all 10 racks beside web filter, like probably virus blocker or spam blocker. It will not help you craft 10 different web policies using only a few web filters. The way its visually represented is exactly how it works. When you install a web filter in a child rack it overrides the one in the parent.

[GhostyDog]

Just a clarification:

When you install a web filter in a child rack it overrides the one in the parent.

That answers the question I was about to ask about hierarchical inheritance of settings

Thanks

Sean