Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 4 replies
  • Subscribers 13 subscribers
  • Views 3636 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Computer groups: deny internet access / "isolate"

Zeke Furness

Hi all,

I've been scratching my head for quite some time now looking for a way to bulk isolate machines in the endpoint protection module of Sophos Central.
Our company policy is to isolate machines not seen on the system for 30+ days, which can be 250+ computers a time to isolate one by one!

I've recently discovered the computer groups feature and noticed you can have set policies per group;
Is there a particular way to set up so that a certain computer group cannot access the internet, so isolating by proxy?

Any other workarounds welcome - thanks in advance Thumbsup



This thread was automatically locked due to age.
Parents
  • 0

    what do you mean by "not seen on the system"? Are you saying the devices haven't reported into Central in 30 days? Or that they are green in Central but they haven't connected to your local network?

    Isolate isn't really meant as a web control feature. It's to prevent lateral movement inside and environment. So, if these are active systems that aren't in your network and you want to prevent web access - you could use the Web Control and block all categories and uncategorized connections.

    I am a little confused about your use case. Can you clarify please.

    RichardP

    Program Manager, Support Readiness | CISSP | Sophos Technical Support
    Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.

Reply
  • 0

    what do you mean by "not seen on the system"? Are you saying the devices haven't reported into Central in 30 days? Or that they are green in Central but they haven't connected to your local network?

    Isolate isn't really meant as a web control feature. It's to prevent lateral movement inside and environment. So, if these are active systems that aren't in your network and you want to prevent web access - you could use the Web Control and block all categories and uncategorized connections.

    I am a little confused about your use case. Can you clarify please.

    RichardP

    Program Manager, Support Readiness | CISSP | Sophos Technical Support
    Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.

Children
Unfiltered HTML