This article applies to:
Question:
Filtering profiles - What's the order of Precedence?
Reply
When speaking of the order of precedence among various profile levels in the R3000, it is simply the order in which R3000 applies a profile to a given IP address and defines what group has priority over others. Filtering hierarchy among various group levels is as in the following:
a) LDAP – Highest Priority: If a user’s IP belongs to an IPGroup ‘and’ user authenticates, then the user is filtered based on the authenticated profile. Within the authentication, different filtering levels are in the following order:
i. Workstation (This will give the same profile to anyone that logs in)
i. Individual User (This will give the username profile only)
ii. Group (Based on the group priority settings)
iii. Container / OU
iv. Domain/Tree
b) IP Group – This profile will be applied to all IP addresses that are not authenticated but listed as a member of the IP Group. Within the IP Groups, different levels are as listed below:
i. Individual IP
ii. Sub Group
iii. Group
c) Global Group – This is everyone who does not authenticate or is listed as a member of an IP Group but is defined in the Range to Detect Settings.
Please note that the “Minimum Filtering Level” applies to all groups but Global Group. In other words, an actual profile of any group except for Global Group will be “Minimum Filtering Level + Rule”.
- This article was previously published as:
- 8e6 KB 288797