This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Computer groups: deny internet access / "isolate"

Hi all,

I've been scratching my head for quite some time now looking for a way to bulk isolate machines in the endpoint protection module of Sophos Central.
Our company policy is to isolate machines not seen on the system for 30+ days, which can be 250+ computers a time to isolate one by one!

I've recently discovered the computer groups feature and noticed you can have set policies per group;
Is there a particular way to set up so that a certain computer group cannot access the internet, so isolating by proxy?

Any other workarounds welcome - thanks in advance Thumbsup



This thread was automatically locked due to age.
  • FormerMember
    0 FormerMember

    what do you mean by "not seen on the system"? Are you saying the devices haven't reported into Central in 30 days? Or that they are green in Central but they haven't connected to your local network?

    Isolate isn't really meant as a web control feature. It's to prevent lateral movement inside and environment. So, if these are active systems that aren't in your network and you want to prevent web access - you could use the Web Control and block all categories and uncategorized connections.

    I am a little confused about your use case. Can you clarify please.

  • Thank you for your response RichardP.

    To clarify, I mean the computer hasn't been active on our company network / hasn't been signed into on our domain in a while.

    We use Active Directory to disable AD accounts after a certain period but the thinking with isolating computers through Sophos Central was if someone was to log into one of our computers with a local account, the web restrictions would still apply through Sophos where our group policies wouldn't be in effect.

    Hope that clarifies better.

    Zeke


  • FormerMember
    +1 FormerMember in reply to Zeke Furness

    ok, you don't need to use Isolate for this. Edit the base web control policy that does the restrictions you want. This applies to all users who don't have another policy assigned - so would apply to the local user. Then you could have a less restrictive policy for normal users and assign that in bulk in Central.

    I hope this helps.  

  • Thank you, that makes perfect sense.

    Zeke