BLOCK ALL WEB

Hi Yosi,

If you have created a firewall rule, can you share the configuration you created with us?

You can also try these steps to configure whitelisting:

1. Create a category for the Google Maps: go to PROTECT>Web>Categories> then click Add

2. Create the policy: go to PROTECT>Web>Policies> then click Add Policy

Ensure this is only applied to the specific STAS user, then add the Google Maps category configured in step 1. The action should be allowed and the status should be ON

3. Create a DNS rule (this is to ensure that the domain will be resolved first before applying the policy)

4. Create the whitelisting firewall rule (ensure that this rule is below the DNS rule; ensure the destination network is *.google.com) 

Hope this helps. 

Hi Yosi,

If you have created a firewall rule, can you share the configuration you created with us?

You can also try these steps to configure whitelisting:

1. Create a category for the Google Maps: go to PROTECT>Web>Categories> then click Add

2. Create the policy: go to PROTECT>Web>Policies> then click Add Policy

Ensure this is only applied to the specific STAS user, then add the Google Maps category configured in step 1. The action should be allowed and the status should be ON

3. Create a DNS rule (this is to ensure that the domain will be resolved first before applying the policy)

4. Create the whitelisting firewall rule (ensure that this rule is below the DNS rule; ensure the destination network is *.google.com) 

Hope this helps. 

THANKS

Not work for me.

I make copy but not work, the user can arrieved to all web site.

Make sure that this rule is at the very top since your user can still catch a different firewall rule.

You can also use the log viewer policy checker to check if it will catch the firewall rule

There’s something wrong with your configuration since you mentioned that the STAS user can access the internet, then a firewall rule should appear in the policy test. You can check section 7-b of the kb-article: Sophos Firewall: Best practice for STAS - Recommended Reads - Sophos Firewall - Sophos Community which indicated a firewall rule for STAS users.

For the policy test that you did, I suspect that you indicated the wrong Source IP, which isn’t a part of your network that caused the "No matched rule". 

To further investigate the issue, I would recommend that you contact our support so that we can further check the behavior. 

Hello
If it's true, I was wrong with the IP.

I thank you in advance for your time.

STAS WORK

That's great, and it seems that the configuration is correct. Are you still experiencing any issues?

Yes, I log in with the user, and I can browse any website. The idea is everything is blocked except Google maps

when you check logviewer is the user actually hitting the firewall rule?

ian

I suggest contacting the support hotline to further help you with your issue so that we can check the conntrack if it’s actually using that firewall rule. 

You can also try restarting that computer just to be sure