Block one web profile accessing another?

Corporate network = 10.1.1.0/24

Guest network = 192.168.1.0/24

Two web profiles created to allow the above.

However, clients accessing guest profile can browse to web servers on corp network. There are quite a few web servers so a block on the whole corp subnet would be nice.

If I put the subnet in tags, I can block it by IP but not by FQDN and I don't want to put 100 server URLs in there. Anybody know an easier way?



This thread was automatically locked due to age.
  • Note: I am not a UTM firewall rule guy. I've no idea if this would work.

    Can you create a firewall rule? Source is your Guest Network, Destination is your Corp network, Service Web Surfing, and action Block.

  • The traffic is proxied before the firewall so fw rules won't come into effect here. Having no fw rules for web browsing will result in web traffic getting a default block if traffic ever got to it after the proxy.

  • So it's obviously:

    1. Create tag for interesting traffic (URL, domain, CIDR etc.), e.g. your corp domain

    2. Apply that tag as a BLOCK on the filter that the above traffic hits, e.g. Guest filter

    And as an added precaution, don't let guest traffic use the DNS proxy on the UTM, i.e. use an external DNS

  • Louis, you might be interested in a document I maintain that I make available to members of the UTM Community, "Configure HTTP Proxy for a Network of Guests." If you would like me to send you this document, PM me your email address. For our German-speaking members, I also maintain a version auf Deutsch initially translated by fellow member hallowach when he and I did a major revision in 2013.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA