

How to block youtube for a particular IP range in Sophos XG

Hi everyone,

Firstly, let me explain the setup I have for my home network.

I have WAN plugged into a mini PC which runs Sophos XG. On Interface 4 of the mini PC I have plugged in a Ubiquiti AP from which other devices get a wifi connection (mobile phone, laptop etc.).

The IP range I have assigned for Port 4 is 10.1.1.10/24

What I'm trying to achieve is to test and block YouTube for wifi users. I would also like to limit internet speed / usage after 7pm on weekdays.

Please advise if it's possible with the setup I have.

Please include screenshots of rules if possible.

Unable to upload any from my end cos I'm at work.

Keep up the good work on the discussions, very helpful.

Thanks

Raju George

Melbourne



  • Hi, You will need two rules, one with allow time and the other with block time. You will need to make sure that the IP address range does not appear in any other firewall rules.

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.
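
    A simplified model of the two-rule approach in the reply above, added here as an example (not from the thread and not Sophos code). It assumes rules are evaluated top-down with the first match deciding; the rule names, the `10.0.0.0/8` rule and the client address `10.1.1.25` are constructed to show why the range must not appear in any other rule.

```python
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address, ip_network

@dataclass
class Rule:
    name: str
    source: str    # source network in CIDR form
    days: range    # weekdays the schedule covers, Monday = 0
    hours: range   # hours of the day the schedule covers
    action: str    # "allow" or "drop"

    def matches(self, src_ip, when):
        in_net = ip_address(src_ip) in ip_network(self.source, strict=False)
        return in_net and when.weekday() in self.days and when.hour in self.hours

def first_match(rules, src_ip, when):
    """Assumed model: rules are read top-down and the first match decides."""
    for rule in rules:
        if rule.matches(src_ip, when):
            return rule.name, rule.action
    return "default", "drop"

def other_rules_covering(rules, cidr, intended):
    """Names of rules outside `intended` whose source overlaps `cidr`."""
    net = ip_network(cidr, strict=False)
    return [r.name for r in rules
            if r.name not in intended and ip_network(r.source, strict=False).overlaps(net)]

WIFI = "10.1.1.10/24"  # range quoted in the question
ALL_DAYS, ALL_HOURS = range(7), range(24)
# Block-time rule (weekdays from 19:00) sits above the allow rule.
BLOCK = Rule("wifi_block_evening", WIFI, range(5), range(19, 24), "drop")
ALLOW = Rule("wifi_allow", WIFI, ALL_DAYS, ALL_HOURS, "allow")
# Constructed broader rule that also contains the wifi range.
BROAD = Rule("lan_any", "10.0.0.0/8", ALL_DAYS, ALL_HOURS, "allow")

CLEAN = [BLOCK, ALLOW]
SHADOWED = [BROAD, BLOCK, ALLOW]
MONDAY_8PM = datetime(2024, 1, 1, 20, 0)

if __name__ == "__main__":
    print(first_match(CLEAN, "10.1.1.25", MONDAY_8PM))
    print(first_match(SHADOWED, "10.1.1.25", MONDAY_8PM))
    print(other_rules_covering(SHADOWED, WIFI, {"wifi_block_evening", "wifi_allow"}))
```

    With the broader rule above them, the two wifi rules are never reached, so the evening block silently has no effect.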

  • Thanks rfcat_vk, will try and let you know.

    How about blocking YouTube for this IP range at all times, would that be achieved as well with these rules?

  • Hi,

    Please include them in your post, not as separate documents; it makes the thread easier for all to follow.

    Why does LAN 4, which appears to be the internet access, have an IP address in the internal network? What interface does the Unifi AP connect to?

    Ian


  • Hi Ian, 

    ISP cable connects to Port 2



    Unifi AP Connects to Port 4



    IP Range for Port 4 is 



    Wanting to block this IP Range



    Web Policy created



    Application Policy created 



    Firewall rule created 


    When I enabled this firewall rule, Internet is disabled for all wifi users on 10.1.1.1/24

  • You appear to have two address ranges on port 4. Are you using the Unifi AP to assign IP addresses? If so, you must have a NAT, which means the XG will not see the 10 range.

    Ian


  • Hi Ian,

    Have this on Port 4



    I can change the Unifi Wireless Network to match the above range, if that would help.

  • Do you use the Unifi AP to assign IP Addresses to connections? Managing access and firewall rules is much easier if you allow the XG to assign IP addresses.

    Port 4 is a 192.168 address range; the Unifi clients should also be in that range if you want to use the XG firewall rules.

    What is the aim of using the 10.1 IP address range?

    Ian


  • Hi Ian,

    Was wanting to have different networks, like

    Port 172.16.16 /24

    Port 2 WAN on 192.168.1/24

    Port 3 on 10.0.0 / 24

    Port 4 on 10.1.1 / 24  

    Is there another way to achieve this?

    Please advise

  • The Unifi network needs its own range, as you have configured, and has nothing to do with port 4.

    You have labelled port 4 as LAN; it should be WAN, then your rules might work.

    How do you connect to the internet?

    Ian


  • I believe I'm connected to the Internet via Port 2, since the WAN cable from the ISP is connected to Port 2.

    Can we name two ports with the WAN label?

  • The IP address on port 2 does not seem to be an address an ISP would assign you, more like something you have assigned yourself.

    Change port 2 to DHCP.

    With your setup you would have 3 internal LAN ports and one WAN port.

    What is your ISP/RSP?

    Ian


  • Hi Ian, is it because I have Dynamic DNS as below?



    Had created them for enabling Sophos Connect (VPN).

    My ISP is TPG (Fibre to Premise)