Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 4 replies
  • Subscribers 13 subscribers
  • Views 3599 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Computer groups: deny internet access / "isolate"

Zeke Furness

Hi all,

I've been scratching my head for quite some time now looking for a way to bulk isolate machines in the endpoint protection module of Sophos Central.
Our company policy is to isolate machines not seen on the system for 30+ days, which can be 250+ computers a time to isolate one by one!

I've recently discovered the computer groups feature and noticed you can have set policies per group;
Is there a particular way to set up so that a certain computer group cannot access the internet, so isolating by proxy?

Any other workarounds welcome - thanks in advance Thumbsup



This thread was automatically locked due to age.
Parents
  • 0

    what do you mean by "not seen on the system"? Are you saying the devices haven't reported into Central in 30 days? Or that they are green in Central but they haven't connected to your local network?

    Isolate isn't really meant as a web control feature. It's to prevent lateral movement inside and environment. So, if these are active systems that aren't in your network and you want to prevent web access - you could use the Web Control and block all categories and uncategorized connections.

    I am a little confused about your use case. Can you clarify please.

    RichardP

    Program Manager, Support Readiness | CISSP | Sophos Technical Support
    Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.

  • 0 in reply to RichardP

    Thank you for your response RichardP.

    To clarify, I mean the computer hasn't been active on our company network / hasn't been signed into on our domain in a while.

    We use Active Directory to disable AD accounts after a certain period but the thinking with isolating computers through Sophos Central was if someone was to log into one of our computers with a local account, the web restrictions would still apply through Sophos where our group policies wouldn't be in effect.

    Hope that clarifies better.

    Zeke


  • +1 in reply to Zeke Furness

    ok, you don't need to use Isolate for this. Edit the base web control policy that does the restrictions you want. This applies to all users who don't have another policy assigned - so would apply to the local user. Then you could have a less restrictive policy for normal users and assign that in bulk in Central.

    I hope this helps.  

    RichardP

    Program Manager, Support Readiness | CISSP | Sophos Technical Support
    Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.

  • 0 in reply to RichardP

    Thank you, that makes perfect sense.

    Zeke

Reply Children
No Data
Unfiltered HTML