How to block YouTube for a particular IP range in Sophos XG

Hi everyone,

Firstly, let me explain the setup I have for my home network.

I have WAN plugged into a mini PC which runs Sophos XG. On Interface 4 of the mini PC I have plugged in a Ubiquiti AP from which other devices get a Wi-Fi connection (mobile phone, laptop, etc.).

The IP range I have assigned for Port 4 is 10.1.1.10/24

What I'm trying to achieve is to test and block YouTube for Wi-Fi users. I would also like to limit internet speed / usage after 7pm on weekdays.

Please advise if it's possible with the setup I have.

Please include screenshots of rules if possible.

Unable to upload any from my end cos I'm at work.

Keep up the good work on the discussions, very helpful.

Thanks

Raju George

Melbourne



  • Hi, you will need two rules, one with allow time and the other with block time. You will need to make sure that the IP address range does not appear in any other firewall rules.

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Thanks rfcat_vk, will try and let you know.

    How about blocking YouTube for this IP range at all times, would that be achieved as well with these rules?

  • TPG will not change their connection method. I use Aussie BB, they don't use any special connection methods. I suggest you check the Whirlpool forums for advice on other ISP/RSPs.

    Ian


  • Thanks Ian, will do, appreciate your help mate.

  • Hi Ian,

    Are you referring to such a setup?



    Do all NBN NCDs support this?

    If I was to contact TPG, please advise what requirement I should be querying.

    Appreciate any tips.

    Thanks

  • Do search for TPG FTTP configuration requirements.

    Ian


  • As far as I can see, just plug the XG into port1 of the NBN box and wait for about 30 minutes after you have configured the XG for DHCP.

    Ian


  • Hi Ian,

    Plugging the XG directly into the NBN NCD did the trick. I have entered the PPPoE details and got it connected.

    I have the Ubiquiti AP connected to Port 4, and Wi-Fi devices are connecting to it successfully as well.

    Please advise what's the best practice for configuring DHCP on XG.

    Also, is it OK to choose "Obtain DNS from PPPoE"?

  • Hi Ruka,

    Start using the ISP-provided DNS until you find they do not meet your requirements.

    Using XG as the DHCP server, I am not sure of best practice, but I use limited ranges because I don't have 200 devices on my network and use static addressing. The reason for the static addressing is so I can use clientless device management in firewall rules, which makes device management easier because by changing group membership you can move devices into different rules within the same IP address range.

    Ian


  • Thanks Ian

    Back to my original question, please advise how I can block YouTube on devices connecting to Port 4 (Ubiquiti AP).



  • You need to change the services to HTTP/S, enable application control and IPS to LAN to WAN. Enable check HTTP etc. while using the web proxy.

    The firewall rule needs to be at the top of the firewall list.

    Ensure the devices you wish to block have no access to other networks, e.g. LAN or SIM cards, so they stay within the blocking IP address range.

    After a couple of hours check logviewer using the IP address range to the network identity to ensure the traffic is only hitting the block firewall rule. You might need to restart your XG to break the existing connections and enforce the new firewall rules.

    Ian

    I also recommend blocking proxy and tunnels.

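The log check suggested in the reply above can be scripted against an exported firewall log. This is an added example, not part of the original thread or Sophos tooling: it assumes key=value log lines with the fields `log_type`, `log_subtype`, `fw_rule_id` and `src_ip`, uses constructed sample lines, and the block rule ID `1` is hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample log lines (not captured from a real firewall).
# Assumed key=value fields: log_type, log_subtype, fw_rule_id, src_ip.
SAMPLE_LOG = """\
log_type="Firewall" log_subtype="Denied" fw_rule_id=1 src_ip=10.1.1.23 dst_port=443
log_type="Firewall" log_subtype="Denied" fw_rule_id=1 src_ip=10.1.1.40 dst_port=443
log_type="Firewall" log_subtype="Allowed" fw_rule_id=5 src_ip=10.1.1.23 dst_port=443
log_type="Firewall" log_subtype="Allowed" fw_rule_id=5 src_ip=192.168.1.7 dst_port=443
log_type="Content Filtering" log_subtype="Denied" src_ip=10.1.1.23
"""

# Port 4 range as given in the thread; strict=False accepts the host bits.
WIFI_RANGE = ipaddress.ip_network("10.1.1.10/24", strict=False)
BLOCK_RULE_ID = "1"  # hypothetical ID of the rule placed at the top of the list

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line):
    """Split one key=value log line into a dict, dropping surrounding quotes."""
    return {key: value.strip('"') for key, value in FIELD_RE.findall(line)}


def rules_hit(log_text, network=WIFI_RANGE):
    """Count (rule ID, action) pairs for firewall events sourced from network."""
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec.get("log_type") != "Firewall":
            continue
        try:
            src = ipaddress.ip_address(rec.get("src_ip", ""))
        except ValueError:
            continue  # missing or malformed source address
        if src in network:
            hits[(rec.get("fw_rule_id", "?"), rec.get("log_subtype", "?"))] += 1
    return hits


def stray_rules(log_text, expected=BLOCK_RULE_ID, network=WIFI_RANGE):
    """Rule IDs other than the expected one that matched traffic from network."""
    return sorted({rule for rule, _ in rules_hit(log_text, network) if rule != expected})


if __name__ == "__main__":
    for (rule, action), count in sorted(rules_hit(SAMPLE_LOG).items()):
        print(f"rule {rule} {action}: {count}")
    print("rules to investigate:", stray_rules(SAMPLE_LOG))
```

Any rule ID returned by `stray_rules` means traffic from the Wi-Fi range matched a rule other than the intended one, which points at rule ordering or an overlapping rule.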

  • Hi Ian,

    Under Web Policy, I only see an option to add users / groups but not an IP range.