This discussion has been locked.

Block one web profile accessing another?

Corporate network = 10.1.1.0/24

Guest network = 192.168.1.0/24

Two web profiles created to allow the above.

However, clients accessing the guest profile can browse to web servers on the corp network. There are quite a few web servers, so a block on the whole corp subnet would be nice.

If I put the subnet in tags, I can block it by IP but not by FQDN, and I don't want to put 100 server URLs in there. Anybody know an easier way?



  • So it's obviously:

    1. Create a tag for interesting traffic (URL, domain, CIDR, etc.), e.g. your corp domain

    2. Apply that tag as a BLOCK on the filter that the above traffic hits, e.g. the Guest filter

     

    And as an added precaution, don't let guest traffic use the DNS proxy on the UTM, i.e. use an external DNS

  • Louis, you might be interested in a document I maintain that I make available to members of the UTM Community, "Configure HTTP Proxy for a Network of Guests."  If you would like me to send you this document, PM me your email address. For our German-speaking members, I also maintain a version auf Deutsch initially translated by fellow member hallowach when he and I did a major revision in 2013.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
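
One way to check that the tag block suggested earlier in the thread actually holds, as an added example that is not part of the thread or any Sophos code: it scans web-filter log lines for guest-subnet requests that were passed to the corporate subnet, whether the client asked by FQDN or by IP. The log lines are constructed, and the key="value" layout, the field names (action, srcip, dstip, url) and the corp.example hostname are assumptions to adapt to your proxy's log format.

```python
import ipaddress
import re
from urllib.parse import urlsplit

GUEST_NET = ipaddress.ip_network("192.168.1.0/24")  # guest subnet from the thread
CORP_NET = ipaddress.ip_network("10.1.1.0/24")      # corporate subnet from the thread

# Constructed sample lines; layout and field names are assumptions.
SAMPLE_LOG = '''\
action="pass" srcip="192.168.1.23" dstip="10.1.1.40" url="http://intranet.corp.example/"
action="block" srcip="192.168.1.23" dstip="10.1.1.40" url="http://10.1.1.40/"
action="pass" srcip="192.168.1.57" dstip="93.184.216.34" url="http://www.example.com/"
action="pass" srcip="10.1.1.15" dstip="10.1.1.40" url="http://intranet.corp.example/"
action="pass" srcip="192.168.1.57" dstip="" url="http://10.1.1.41/status"
'''

FIELD = re.compile(r'(\w+)="([^"]*)"')

def _ip(value):
    """Parse an IP literal, returning None for hostnames or empty fields."""
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None

def in_net(value, net):
    ip = _ip(value)
    return ip is not None and ip in net

def guest_to_corp_leaks(log_text):
    """Return (srcip, url) for guest requests to corp that were not blocked."""
    leaks = []
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if f.get("action") != "pass" or not in_net(f.get("srcip", ""), GUEST_NET):
            continue
        host = urlsplit(f.get("url", "")).hostname or ""
        # The resolved destination catches requests made by FQDN; the URL
        # host catches literal-IP requests on lines with no dstip logged.
        if in_net(f.get("dstip", ""), CORP_NET) or in_net(host, CORP_NET):
            leaks.append((f["srcip"], f["url"]))
    return leaks

if __name__ == "__main__":
    for src, url in guest_to_corp_leaks(SAMPLE_LOG):
        print(f"guest {src} reached corp resource: {url}")
```

An empty result after the tag is applied to the guest filter means no passed guest request landed in 10.1.1.0/24 during the logged period.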