
Block Domain Admins from accessing the internet through Sophos XG firewall

Is it possible to block flows of traffic from users who are in the Domain Admins Active Directory group when they try to access the internet? 

The firewall is currently identifying users and identifying them correctly as a member of the Domain Admins domain membership using STAS.

I set up a LAN to WAN rule with "Match known users" ticked and "Domain Admins" added, but the problem is it blocks ALL traffic from the server IP address to the internet regardless of which user is on the server. 

What I need is for the firewall to know which sessions are from which user, so it only blocks domain admins traffic and allows all other traffic for all other users.

Is it possible and if so how do you do it?



  • Match user should not be used on server networks, as it will most likely block legitimate traffic or let it bypass the rule. You should separate the network into a LAN with the clients and a server network with only the servers. On the server network, you should untick the option. 

    If you are talking about the server itself, i.e. you want to block the sessions (RDP, for example), you need SATC, not STAS or Intercept X for Server. 


  • Yes, we already have the servers on a separate subnet to the users.

    When an AD user in the Domain Admins group logs on to a server, the firewall then thinks all traffic coming from that server is from that user and drops it. Even after the user logs off the server, the traffic is still dropped.

    The servers still need to be able to get to the internet, but we need to be able to block internet access when a Domain Admin tries to access the internet.

    SATC appears to be for thin client servers. Is it appropriate to use SATC for all servers, even if they are not RDS or Citrix servers, in order to achieve this goal?
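The following is an added example, not code from the thread or from Sophos, that models the difference the reply above draws between STAS and SATC. It is a deliberately simplified simulation: an IP-based identity map (STAS learns logons from domain controller events and associates one user with a source IP) versus a per-connection map (SATC reports the user owning each outbound connection, keyed here on source IP and source port). The user and group names, the IP addresses, and the assumption that a flow with no known user falls through to an allow rule are all constructed for the illustration.

```python
"""Simplified model of identity-aware firewall rule matching.

Constructed example: compares an IP-keyed user map (STAS-style) with a
connection-keyed user map (SATC-style) for a shared server where a
Domain Admin and a service account are active at the same time.
"""

from dataclasses import dataclass

# Constructed directory data: user -> AD group memberships.
GROUPS = {
    "alice": {"Domain Admins", "Domain Users"},
    "svc-backup": {"Domain Users"},
}

# The rule in the thread: known users in Domain Admins are dropped LAN -> WAN.
BLOCKED_GROUPS = {"Domain Admins"}


@dataclass(frozen=True)
class Flow:
    src_ip: str
    src_port: int
    dst: str
    owner: str  # ground truth on the host; the firewall never sees this directly


class IpIdentityMap:
    """STAS-style: one user per source IP, last logon wins.

    Logoff is modelled as a no-op on purpose: the mapping stays until the
    firewall's own timeout or polling clears it, which is the stale-user
    behaviour the second post describes (assumption of this model).
    """

    def __init__(self):
        self.by_ip = {}

    def logon(self, user, ip):
        self.by_ip[ip] = user

    def logoff(self, user, ip):
        pass  # entry deliberately left in place

    def user_for(self, flow):
        return self.by_ip.get(flow.src_ip)


class SessionIdentityMap:
    """SATC-style: user reported per outbound connection (src_ip, src_port)."""

    def __init__(self):
        self.by_socket = {}

    def report(self, user, ip, port):
        self.by_socket[(ip, port)] = user

    def user_for(self, flow):
        return self.by_socket.get((flow.src_ip, flow.src_port))


def decide(identity, flow):
    """Return 'drop' or 'allow' for one flow under the given identity source.

    Assumption: a flow with no known user does not match a "match known
    users" rule and falls through to a later allow rule.
    """
    user = identity.user_for(flow)
    if user is None:
        return "allow"
    if GROUPS.get(user, set()) & BLOCKED_GROUPS:
        return "drop"
    return "allow"


def simulate():
    """Run both identity models over the same two concurrent flows."""
    server_ip = "10.20.0.10"
    flows = [
        Flow(server_ip, 50001, "updates.example", "alice"),       # admin's RDP session
        Flow(server_ip, 50002, "backup.example", "svc-backup"),   # unattended service
    ]

    stas = IpIdentityMap()
    stas.logon("alice", server_ip)          # DC logon event: IP now "belongs" to alice
    stas.logoff("alice", server_ip)         # mapping persists anyway

    satc = SessionIdentityMap()
    for f in flows:                         # agent reports the real owner per connection
        satc.report(f.owner, f.src_ip, f.src_port)

    return {
        "ip_based": [decide(stas, f) for f in flows],
        "session_based": [decide(satc, f) for f in flows],
    }


if __name__ == "__main__":
    for model, verdicts in simulate().items():
        print(model, verdicts)
```

With the IP-keyed map every flow from the server is dropped once the admin has logged on, including the service account's backup traffic, and it stays dropped after logoff; with the connection-keyed map only the admin's own connection is dropped.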