How to block youtube for a particular IP range in Sophos XG

Hi, You will need two rules, one with allow time and the other with block time. You will need to make sure that the ip address range does not appear in any other firewall rules.

Thanks rfcat_vk , will try and let know 

how about blocking youtube for this ip range at all times , would that be achieved as well with these rules ?

Thanks Ian , will check on it

If its VLAN , please advise what i should be checking with TPG to change it to

Else i can shop for other ISP who provides the requirement

Appreciate your assistance

TPG will not change their connection method, I use Aussie BB, they don't use any special connection methods. I suggest you check the whirlpool forums for advice on other ISP/RSPs.

Ian

Thanks Ian , will do , appreciate your help mate

Hi Ian,

Are you referring to such a setup 



Does all NBN NCD support this ? 

If i was to contact TPG , please advise what requirement should i be querying

Appreciate any tips

Thanks

Do search for TPG fttp configuration requirements.

Ian

As far as I can see, just plug the XG into port1 of the NBN box and wait for about 30 minutes after you have configured the XG for DHCP.

Ian

Hi Ian,

Plugging XG directly to NBN NCD did the trick , have entered PPPoE details and got it connected 

Have Ubiquiti AP connected to Port 4 , and wifi devices are connecting to it successfully as well

Please advise what's the best practise of configuring DHCP on XG

Also is it OK to choose "Obtain DNS from PPPoE"

Hi Ruka,

start using the IPS provided DNS until you find they do not meet your requirements.

Using XG for as the DHCP server, I am not sure best practice, but I use limited ranges because ZI don't have 200 devices on my network and use static addressing. The reason of the static addressing is so I can use clientless device management in firewall rules which makes device management easier because by changing group membership you can move devices into different rules within the same IP address range.

Ian

Thanks Ian

Back to my original question , please advise how I can block youtube on devices connecting to Port 4 ( Ubiquiti AP )

You need to change the services to http/s, enable application control and IPS to LAN to WAN. Enable check http etc while using the web proxy.

The firewall rule needs to be at the top of the firewall list.

Ensure the devices you wish to block have no access to other networks eg LAN or SIM cards so they stay within the blocking IP address range.

After a couple of hours check logviewer using the IP address range to the network identity to ensure the traffic is only hitting the block firewall rule. You might need to restart your XG to break the existing connections and enforce the new firewall rules.

Ian

I also recommend blocking proxy and tunnels.

You need to change the services to http/s, enable application control and IPS to LAN to WAN. Enable check http etc while using the web proxy.

The firewall rule needs to be at the top of the firewall list.

Ensure the devices you wish to block have no access to other networks eg LAN or SIM cards so they stay within the blocking IP address range.

After a couple of hours check logviewer using the IP address range to the network identity to ensure the traffic is only hitting the block firewall rule. You might need to restart your XG to break the existing connections and enforce the new firewall rules.

Ian

I also recommend blocking proxy and tunnels.

Hi Ian,

Under Web Policy , i only see an option to add users / groups but not an IP range

The range would be in the source network of the firewall rule.

Ian

HI Ian ,

Have Web Policy for blocking youtube as 

but with this Firewall rule , access to Internet is denied to all websites

Policy test results

You need to have another policy/ies that allows access and can be part of that rule. Your default action is to block everything.

I also suggest you change your services to http/s.

Ian

Thanks Ian, didnt get a chance , will try and let know