About Group Bridging Rules

Note: This topic applies to the Hearst Release.

By default, authenticated users may only access network resources that are within their current network zone or that are allowed by an active zone bridging rule. Group bridging modifies this default security policy to allow authenticated users from any network zone to access specific IP addresses, IP ranges, subnets and ports within a specified network zone.

Authenticated groups of users can be bridged to a particular network by creating group bridging rules. A group bridging rule defines a bridge in the following terms:

Group – The group of users from the authentication sub-system that may access the bridge
Zone – The destination network zone
Destination – Defines whether the bridge allows access to an individual host, a range of hosts, a subnet of hosts or any hosts
Service – Defines what ports and services can be used across the bridge
Protocol – Defines what protocol can be used across the bridge

Like zone bridges, group bridges can be narrow (for example, allow access to a single host, using a named port and protocol) or wide (for example, allow access to any host, using any port and protocol).

It is recommended that you make bridges as narrow as possible to prevent unnecessary or undesirable use.
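
The following added example (not part of the product or its documentation) shows one way to review a rule set against the "as narrow as possible" recommendation. It assumes the rules have been written out by hand as records with the five fields above; the record layout, the sample values and the `max_hosts` threshold are all hypothetical.

```python
import ipaddress

# Constructed sample rules using the five fields named in this topic.
# This layout is an assumption, not the product's configuration format.
RULES = [
    {"group": "finance", "zone": "servers", "destination": "10.0.5.20",
     "service": "443", "protocol": "TCP"},
    {"group": "contractors", "zone": "servers", "destination": "10.0.5.0/24",
     "service": "any", "protocol": "TCP"},
    {"group": "it-admins", "zone": "dmz", "destination": "any",
     "service": "any", "protocol": "any"},
    {"group": "helpdesk", "zone": "servers",
     "destination": "10.0.5.10-10.0.5.19", "service": "3389", "protocol": "TCP"},
]

def destination_size(dest):
    """Number of addresses a destination covers; None means any host."""
    dest = dest.strip().lower()
    if dest == "any":
        return None
    if "-" in dest:  # range of hosts, written first-last
        lo, hi = (ipaddress.ip_address(p.strip()) for p in dest.split("-", 1))
        if hi < lo:
            raise ValueError(f"range is reversed: {dest}")
        return int(hi) - int(lo) + 1
    # A single host parses as a /32 (or /128) network of one address.
    return ipaddress.ip_network(dest, strict=False).num_addresses

def audit(rule, max_hosts=16):
    """Return the reasons a rule is wide; an empty list means narrow."""
    findings = []
    size = destination_size(rule["destination"])
    if size is None:
        findings.append("destination is any host in the zone")
    elif size > max_hosts:  # max_hosts is an arbitrary review threshold
        findings.append(f"destination covers {size} addresses")
    if rule["service"].strip().lower() == "any":
        findings.append("service is any port")
    if rule["protocol"].strip().lower() == "any":
        findings.append("protocol is any")
    return findings

def audit_all(rules, max_hosts=16):
    """List (group, zone, findings) for every rule that needs review."""
    results = [(r["group"], r["zone"], audit(r, max_hosts)) for r in rules]
    return [item for item in results if item[2]]

if __name__ == "__main__":
    for group, zone, findings in audit_all(RULES):
        print(f"{group} -> {zone}: " + "; ".join(findings))
```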