Hello
I need help, I can't get it.
I want to block the entire internet, except the Google Map page, to a single user.
I enabled STAS but I couldn't assign a rule to the user.
Thank you.
This thread was automatically locked due to age.
Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.
Hello
I need help, I can't get it.
I want to block the entire internet, except the Google Map page, to a single user.
I enabled STAS but I couldn't assign a rule to the user.
Thank you.
Hi Yosi,
If you have created a firewall rule, can you share the configuration you created with us?
You can also try these steps to configure whitelisting:
1. Create a category for the Google Maps: go to PROTECT>Web>Categories> then click Add
2. Create the policy: go to PROTECT>Web>Policies> then click Add Policy
Ensure this is only applied to the specific STAS user, then add the Google Maps category configured in step 1. The action should be allowed and the status should be ON
3. Create a DNS rule (this is to ensure that the domain will be resolved first before applying the policy)
4. Create the whitelisting firewall rule (ensure that this rule is below the DNS rule; ensure the destination network is *.google.com)
Hope this helps.
THANKS
Not work for me.
I make copy but not work, the user can arrieved to all web site.
Make sure that this rule is at the very top since your user can still catch a different firewall rule.
You can also use the log viewer policy checker to check if it will catch the firewall rule
Make sure that this rule is at the very top since your user can still catch a different firewall rule.
You can also use the log viewer policy checker to check if it will catch the firewall rule
There’s something wrong with your configuration since you mentioned that the STAS user can access the internet, then a firewall rule should appear in the policy test. You can check section 7-b of the kb-article: Sophos Firewall: Best practice for STAS - Recommended Reads - Sophos Firewall - Sophos Community which indicated a firewall rule for STAS users.
For the policy test that you did, I suspect that you indicated the wrong Source IP, which isn’t a part of your network that caused the "No matched rule".
To further investigate the issue, I would recommend that you contact our support so that we can further check the behavior.
Hello
If it's true, I was wrong with the IP.
I thank you in advance for your time.
STAS WORK
That's great, and it seems that the configuration is correct. Are you still experiencing any issues?
Yes, I log in with the user, and I can browse any website. The idea is everything is blocked except Google maps
I suggest contacting the support hotline to further help you with your issue so that we can check the conntrack if it’s actually using that firewall rule.
You can also try restarting that computer just to be sure