Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to block youtube for a particular IP range in Sophos XG

Hi everyone,

Firstly let me explain the setup i have for my home network

Have WAN plugged into a mini PC which runs Sophos XG. On Interface 4 of Mini PC i have plugged in ubiquiti AP from which other devices get wifi connection ( mobile phone , laptop etc )

The IP range i have assigned for Port 4 is  10.1.1.10/24

What I'm trying to achieve is to test and block youtube for wifi users , also  would like to limit internet speed / usage after 7pm on weekdays

Please advise if its possible with the setup i have

Please include screen shots of rules if possible 

Unable to upload any from my end cos im at work 

Keep up the good work on the discussions , very helpful 

Thanks

Raju George

Melbourne



This thread was automatically locked due to age.
Parents Reply Children
  • Thanks Ian , will check it out and keep posted, much appreciated 

  • Hi Ruka,

    when you create your firewalls and they don't work as expected, please post expanded screenshots of the rules and the edited logviewer entries showing the failure.

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Hi Ian,

    Please find attached Firewall rule and Web and App Policy createdSophos block youtube FW rule screen shots.docx

  • Hi,

    Please include them your post, not as seperate documents, makes the thread easier for all to follow.

    Why does LAN 4 which appears to be the internet access have an IP address in the internal network. What interface does the Unifi AP connect to?

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Hi Ian, 

    ISP cable connects to Port 2



    Unifi AP Connects to Port 4



    IP Range for Port 4 is 



    Wanting to block this IP Range



    Web Policy created



    Application Policy created 



    Firewall rule created 


    When I enabled this Firewall , Internet is disabled for all wifi users on 10.1.1.1/24

  • You appear to have two address ranges on port 4. Are you using the unifi ap to assign ip addresses, if so you must have a Nat which the XG will not see the 10 range.

    ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Hi Ian,

    Have this on Port 4 



    I can change the Unifi Wireless Network to match the above range , if that would help

  • Do you use the Unifi AP to assign IP Addresses to connections? Managing access and firewall rules is much easier if you allow the XG to assign IP addresses.

    Port 4 is a 192.168 address range, the unified clients should also be in that range if you want to suse the XG firewall rules.

    What is the aim of using the 10.1 IP address range?

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Hi Ian,

    Was wanting to have different networks , like

    Port 172.16.16 /24

    Port 2 WAN on 192.168.1/24

    Port 3 on 10.0.0 / 24

    Port 4 on 10.1.1 / 24  

    Is there another way to achieve this

    Please advise

  • The unified network needs it own range as you have configured and has nothing to do with port 4.

    You have labelled port 4 as LAN it should be WAN then your rules might work.

    How do you connect to the internet?

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.