Hello
I need help, I can't get it.
I want to block the entire internet, except the Google Map page, to a single user.
I enabled STAS but I couldn't assign a rule to the user.
Thank you.
Hello Yosi,
What do you mean by "you enabled STAS"?
Did you configure one of your servers as a "collector" for it?
Have a look here: https://doc.sophos.com/nsg/sophos-firewall/19.5/help/en-us/webhelp/onlinehelp/AdministratorHelp/Authentication/STAS/index.html
Are you running a Windows ADS?
Maybe it is far easier to add your DCs to the authentication servers and then use the ADS account to select for the user-specific rule.
With kind regards, best regards from Germany,
Philipp Rusch
New Vision GmbH, Germany
Sophos Silver-Partner
If a post solves your question please use the 'Verify Answer' button.
First:
Thanks for answering.
I have set STAS to DC.
I see users in SOPHOS, but I cannot generate a rule for a certain user.
Hi Yosi,
If you have created a firewall rule, can you share the configuration you created with us?
You can also try these steps to configure whitelisting:
1. Create a category for Google Maps: go to PROTECT > Web > Categories, then click Add.
2. Create the policy: go to PROTECT > Web > Policies, then click Add Policy.
   Ensure this is only applied to the specific STAS user, then add the Google Maps category configured in step 1. The action should be allowed and the status should be ON.
3. Create a DNS rule (this is to ensure that the domain will be resolved first before applying the policy).
4. Create the whitelisting firewall rule (ensure that this rule is below the DNS rule; ensure the destination network is *.google.com).
Hope this helps.
THANKS
It does not work for me.
I made a copy, but it does not work; the user can get to all web sites.
Make sure that this rule is at the very top since your user can still catch a different firewall rule.
You can also use the log viewer policy checker to check if it will catch the firewall rule
There’s something wrong with your configuration: since you mentioned that the STAS user can access the internet, a firewall rule should appear in the policy test. You can check section 7-b of the KB article "Sophos Firewall: Best practice for STAS" (Recommended Reads, Sophos Firewall, Sophos Community), which indicates a firewall rule for STAS users.
For the policy test that you did, I suspect that you indicated the wrong Source IP, one which isn’t a part of your network, and that caused the "No matched rule".
To further investigate the issue, I would recommend that you contact our support so that we can further check the behavior.
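A simplified model of the two failure modes raised in the replies above (a user rule sitting below a general rule, and a policy test run with a source IP outside the network), added here as an example and not taken from the thread or from Sophos. The rule names, addresses and the `policy_test` function are constructed, and top-down first-match evaluation with the web policy deciding the destination is an assumption of the model:

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple

# Constructed data: the LAN and the IP-to-user map an SSO agent such as STAS would supply.
LAN = ip_network("192.168.10.0/24")
LIVE_USERS = {"192.168.10.25": "yosi"}

@dataclass
class Rule:
    name: str
    user: Optional[str] = None                   # None: rule applies to any LAN source
    web_allow: Optional[Tuple[str, ...]] = None  # None: no web policy, all sites allowed

    def matches(self, src_ip: str) -> bool:
        # A rule is only considered for sources inside the LAN (hypothetical zone check).
        if ip_address(src_ip) not in LAN:
            return False
        return self.user is None or LIVE_USERS.get(src_ip) == self.user

    def verdict(self, host: str) -> str:
        # The web policy allows listed domains and their subdomains, blocks the rest.
        if self.web_allow is None:
            return "allow"
        ok = any(host == d or host.endswith("." + d) for d in self.web_allow)
        return "allow" if ok else "block"

def policy_test(rules, src_ip: str, host: str):
    """Return (rule name, verdict) of the first rule matching the source, top down."""
    for rule in rules:
        if rule.matches(src_ip):
            return rule.name, rule.verdict(host)
    return "No matched rule", "drop"

maps_only = Rule("Maps only", user="yosi", web_allow=("google.com",))
lan_to_wan = Rule("LAN to WAN")

SHADOWED = [lan_to_wan, maps_only]   # user rule below the general rule: never reached
CORRECT = [maps_only, lan_to_wan]    # user rule at the very top

if __name__ == "__main__":
    for label, rules in (("shadowed", SHADOWED), ("correct", CORRECT)):
        for src, host in (("192.168.10.25", "example.com"),
                          ("192.168.10.25", "maps.google.com"),
                          ("10.99.0.5", "example.com")):
            print(label, src, host, policy_test(rules, src, host))
```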
Hello
If it's true, I was wrong with the IP.
I thank you in advance for your time.
STAS WORKS