
School Network, Sophos XG, how to block certain clients from accessing internet?

I have a Sophos XG 330 18.0.4 MR-4. We are a school and I need to prevent internet access for one room with 20 PCs, for tests. The PCs get their reserved IPs from the DHCP range 192.168.2.80-192.168.2.100. What I have so far: I made a firewall rule to block traffic to these IPs. The firewall is configured with the web proxy in transparent mode. I have also made an IP-Host Group under Hosts and services. I am stuck there now as I don't know how to bypass the web proxy transparent mode for these PCs so that my manual firewall rule will apply. I went to WEB > Exceptions > New Exception > Name (Block PCs in Room 20). For the rest I have no idea what to set under "URL Pattern Match", or even if I have to put something there. Also, what is important is that these PCs usually have internet, but only when they have exams on these PCs I can turn the firewall rule on and off so I can cut internet to them for that time. Can someone help with how and where on the XG I have to make the settings?



  • Essentially there are different approaches, related to the definition, you want to do. 

    You could start to block it with the firewall (ClientIP to WAN via port 443 --> Block). Or you could use the Webfilter to block this. The Webfilter will need authentication to work, so you need to authenticate those clients. You can do this with clientless, or STAS / other services.


  • This explanation has helped me to get it to work. Obviously, the clients come from LAN, that is what I had all wrong, I had it opposite. I had not completely (still) understood how this all works. Thanks a lot. I made from LAN (clients) to WAN a Firewall rule Block. As for your 2nd approach, I have no idea... happy it works.
