I am a home user of Sophos XG.
My home network is broken out like this:
IP Ranges                        Purpose
172.16.16.1 - 172.16.16.19       Network Devices / Servers
172.16.16.20 - 172.16.16.149     Primary DHCP
172.16.16.150 - 172.16.16.169    Personal Phones / Tablets / Laptops
172.16.16.170 - 172.16.16.199    IOT Devices
172.16.16.200 - 172.16.16.219    Kid Devices w/ Filtering
172.16.16.220 - 172.16.16.229    Streaming Devices
172.16.16.230 - 172.16.16.254    Unassigned
I use static mapping in DHCP to assign the proper IP range. I have firewall rules for each of these groups based on the needs and desired protection for each of these. But I realized it’s possible to bypass those protections if a user on the kid devices group does a manual IP change on their device to a group that has less filtering. Is there a way to prevent this from happening? Should I enable most restrictive rules for all devices then bypass the one or two devices that need more access? My kids are only toddlers, so I’m not having this problem now; I’m just curious how I should handle it.
Is there a better way to set this up? All devices that have internet browsing capabilities are WiFi. No Ethernet PCs on my network.
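
An added example, not part of the original post and not Sophos code: a Python check that compares observed MAC/IP pairs (for instance from an ARP table export) against the DHCP static mappings and reports any device using an address outside its reserved group. The MAC addresses, reservations and observations are constructed sample data, and the check assumes each device keeps a stable MAC address.

```python
import ipaddress

# Address groups as listed in the post (last-octet ranges in 172.16.16.0/24).
GROUPS = [
    (1, 19, "Network Devices / Servers"),
    (20, 149, "Primary DHCP"),
    (150, 169, "Personal Phones / Tablets / Laptops"),
    (170, 199, "IOT Devices"),
    (200, 219, "Kid Devices w/ Filtering"),
    (220, 229, "Streaming Devices"),
    (230, 254, "Unassigned"),
]

def group_of(ip):
    """Name of the group an address falls in (assumes ip is inside 172.16.16.0/24)."""
    last = int(ipaddress.ip_address(ip)) & 0xFF
    for lo, hi, name in GROUPS:
        if lo <= last <= hi:
            return name
    return None  # .0 and .255 belong to no group

# Constructed sample data: DHCP static mappings (MAC -> reserved IP).
RESERVED = {
    "aa:bb:cc:00:00:01": "172.16.16.201",  # kid tablet
    "aa:bb:cc:00:00:02": "172.16.16.151",  # parent laptop
    "aa:bb:cc:00:00:03": "172.16.16.221",  # streaming stick
}

def audit(observed):
    """observed: iterable of (mac, ip) pairs. Returns (mac, ip, reason) for
    every pair that contradicts the reservations."""
    findings = []
    for mac, ip in observed:
        mac = mac.lower()
        want = RESERVED.get(mac)
        if want is None:
            # Devices without a reservation should only appear in the dynamic pool.
            if group_of(ip) != "Primary DHCP":
                findings.append((mac, ip, f"unreserved MAC in '{group_of(ip)}'"))
        elif ip != want:
            findings.append((mac, ip, f"moved from '{group_of(want)}' to '{group_of(ip)}'"))
    return findings

# Constructed observations: the kid tablet was set manually to a personal-range address.
OBSERVED = [
    ("aa:bb:cc:00:00:02", "172.16.16.151"),
    ("AA:BB:CC:00:00:01", "172.16.16.155"),
    ("aa:bb:cc:00:00:09", "172.16.16.42"),
    ("aa:bb:cc:00:00:0a", "172.16.16.231"),
]
```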