Need some assistance, please.
I am running a Sophos XG210
I was requested to block certain users from all Web browsing/traffic except some business required sites.
I previously did something similar to what I needed, adding rules to the Default Web Policy that is being applied to the default firewall rule, blocking URLs from youtube.com and facebook.com and then adding rules at the top that allow access to certain users in a group via Active Directory with a whitelist containing those URLs.
This works well.
I was following the same strategy, but it is not working. I created a rule and tested it by adding a user to the grpInternetBlock...
but when I test it, the user can still browse and navigate the internet:
Is it the best approach? What could I be doing wrong? I know I can block by MAC address but I believe that would cut off everything from the machine.
I appreciate your help so much!
Hi Abraham Beaudry,
There are multiple ways to apply content filtering in the firewall. You may apply the web and app filter policy on users, groups and firewall rules. You must apply HTTPS scanning to block traffic over port 443. The articles given below would be helpful:
https://community.sophos.com/kb/en-us/125683
https://community.sophos.com/kb/en-us/123833
https://community.sophos.com/kb/en-us/132997
In reply to Keyur:
Thank you very much! I will look at this!
It seems I've been able to apply Transparent Mode to some extent, but I am getting strange behavior. I mean, on some computers it works and on others it doesn't.
For example, I have a user "user1" and when I go to the Policy Test area and try a website (that has to be blocked), it says that it is being blocked, however, one computer may be working but the same user at another computer does not work.
The strange part is that the Policy Tester indicates it is blocking the sites...
In reply to Abraham Beaudry:
Your issue is probably with authentication, not with the web policy itself.
In reply to MasterRoshi:
Hmm...Do I need NTLM for this? I disabled it.
Your policy is based on what I assume are AD groups, you can change this to ANY if you don't have an authentication mechanism in place.
Correct! I did as you said and as soon as the firewall rule applied, I lost internet browsing. Had to put it back >.<
Would I usually need NTLM for this?
You can use lots of things like captive portal/STAS/NTLM; choose whatever suits your needs.
Will look into it! Thanks.