
Web Filtering assigned to a specific Host (range Ip)

XG 125 - UTM 9.0
(Firmware version: 9.510-5)

Good morning everyone,
I'm trying to set up different profiles to be applied to different IP ranges within the same network.
I have an "Internal LAN" with IP 192.168.0.0/24 and I would like an address range (192.168.0.30-150) to have some blocking rules, while other ranges have different Web Filtering Profiles.
The problem is that I cannot identify a field in which to associate the Filtering Profiles with the IP range.
Thank you!



This thread was automatically locked due to age.
  • Hi Dario,

    In some modules' configuration slots of the UTM you cannot use the range object definition.
    The allowed networks in the web protection is one of them.

    The only option you have is to create a network group with the desired subnets and host definitions to use a "range" in your web protection.

    Best Regards
    DKKDG

  • Ciao Dario - welcome to the UTM Community!

    Note that you don't have to make additional subnets for the "every one else" Profile.  After you make several CIDR subnets to cover your blocking range, just use 192.168.0.0/24 for the following Profile.

    If you have Active Directory or a similar tool, I would urge you to do user authentication instead of IPs.

    You might be interested in a document I maintain that I make available to members of the UTM Community, "Configure HTTP Proxy for a Network of Guests."  If you would like me to send you this document, PM me your email address.  For our German-speaking members, I also maintain a version auf Deutsch initially translated by fellow member hallowach when he and I did a major revision in 2013.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thanks a lot for the answers:

    I know there are different ways to reach the target, but I'm working for a school at this time, and they asked for this kind of configuration.

    I've created the hosts using the MAC address and a reservation on the Xg125; now I have to assign a policy to any "Group of hosts"... and I'm in trouble again.

    Thanks for any kind of suggestion!!!

  • Dario, there are two Sophos products that do many of the same things but are configured using different metaphors.  The UTM is basically the business purchased from Astaro about six years ago.  The XG is a new product developed primarily by the Cyberoam folks - the company Sophos bought about two years after Astaro.  If you have an XG, you will get better answers if you post in that community instead of here where we know little about XG.

    Cheers - Bob

     
  • Sorry,

    I've made a mistake...

    the device is an Xg125 with UTM9, so I think I'm in the right place!

    I hope there is a way to resolve this problem,

    Thanks!

  • ...another mistake:

    SG125 WITH UTM 9

    ...I'm sure!!

  • You just need to populate the Allowed Networks list of the "restrictive" Filter Profile with network objects that match your requirements.  For x.x.x.30-150, you need

    x.x.x.30/31

    x.x.x.32/27

    x.x.x.64/26

    x.x.x.128/31

    x.x.x.130/32 (or as a host entry)

    Then ensure that the "restrictive" profile takes precedence over the relaxed profile.   

    Because it is secondary, the relaxed profile can be inclusive of the other address range, so this specification will work, as Bob Alfson already indicated:  x.x.x.0/24
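The range-to-CIDR step discussed above can be computed and checked rather than worked out by hand. The following is an added example, not part of any post in this thread: it uses Python's standard `ipaddress` module, substitutes the 192.168.0 prefix from the original question for x.x.x, and the function names and the "restrictive"/"relaxed" labels are illustrative assumptions.

```python
import ipaddress

def range_to_cidrs(first, last):
    """Minimal list of CIDR blocks covering exactly first..last (inclusive)."""
    return [str(n) for n in ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))]

def coverage_gaps(first, last, cidrs):
    """Compare a hand-written CIDR list with the intended range.
    Returns (missing, extra): range addresses the list does not cover, and
    covered addresses outside the range. Builds sets, so use on small ranges."""
    lo, hi = int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last))
    covered = set()
    for cidr in cidrs:
        net = ipaddress.ip_network(cidr)  # ValueError if host bits are set
        covered.update(range(int(net.network_address),
                             int(net.broadcast_address) + 1))
    wanted = set(range(lo, hi + 1))
    as_ip = lambda nums: [str(ipaddress.IPv4Address(n)) for n in sorted(nums)]
    return as_ip(wanted - covered), as_ip(covered - wanted)

def first_match(host, profiles):
    """Name of the first profile whose allowed networks contain host.
    Models 'restrictive profile takes precedence' as top-down evaluation."""
    addr = ipaddress.ip_address(host)
    for name, cidrs in profiles:
        if any(addr in ipaddress.ip_network(c) for c in cidrs):
            return name
    return None

if __name__ == "__main__":
    first, last = "192.168.0.30", "192.168.0.150"
    blocks = range_to_cidrs(first, last)
    print("computed blocks:", blocks)

    # List as written in the thread, with 192.168.0 substituted for x.x.x.
    posted = ["192.168.0.30/31", "192.168.0.32/27", "192.168.0.64/26",
              "192.168.0.128/31", "192.168.0.130/32"]
    missing, extra = coverage_gaps(first, last, posted)
    print("posted list: %d missing, %d extra" % (len(missing), len(extra)))
    if missing:
        print("  uncovered:", missing[0], "to", missing[-1])

    # Restrictive profile listed first, then the catch-all /24.
    profiles = [("restrictive", blocks), ("relaxed", ["192.168.0.0/24"])]
    for host in ("192.168.0.29", "192.168.0.30", "192.168.0.150", "192.168.0.151"):
        print(host, "->", first_match(host, profiles))
```

Running `coverage_gaps` on any manually built Allowed Networks list before entering it shows which hosts would fall through to the secondary profile.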

  • Good evening to all and thanks for the answers:
    after listening to Sophos Support I was able to understand how to manage the assignment of WebFilterProfiles. I know that much information is taken for granted, but I work with other devices and the reasoning of UTM is not so intuitive.
    Moreover, to date the assignment of a Profile to a range of IP addresses is not allowed; I had to use a network definition on the basis of MAC address, and this does not seem to me anyway a point in favor of the product.
    Thank you all for the availability!

  • Hi Dario,

    No need for MAC addresses.

    Just use the network definitions Douglas mentioned.

    Best Regards
    DKKDG