How to block YouTube for a particular IP range in Sophos XG

Hi everyone,

Firstly, let me explain the setup I have for my home network.

Have WAN plugged into a mini PC which runs Sophos XG. On Interface 4 of the mini PC I have plugged in a Ubiquiti AP, from which other devices get their wifi connection (mobile phone, laptop, etc.).

The IP range I have assigned for Port 4 is 10.1.1.10/24

What I'm trying to achieve is to test and block YouTube for wifi users. I would also like to limit internet speed / usage after 7pm on weekdays.

Please advise if it's possible with the setup I have.

Please include screenshots of rules if possible.

Unable to upload any from my end because I'm at work.

Keep up the good work on the discussions, very helpful.

Thanks

Raju George

Melbourne



  • Do search for TPG fttp configuration requirements.

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v20.0.2 MR-2

    If a post solves your question please use the 'Verify Answer' button.

  • As far as I can see, just plug the XG into port1 of the NBN box and wait for about 30 minutes after you have configured the XG for DHCP.

    Ian


  • Hi Ian,

    Plugging XG directly into the NBN NCD did the trick. I have entered the PPPoE details and got it connected.

    Have Ubiquiti AP connected to Port 4, and wifi devices are connecting to it successfully as well.

    Please advise what's the best practice for configuring DHCP on XG.

    Also, is it OK to choose "Obtain DNS from PPPoE"?

  • Hi Ruka,

    Start using the ISP-provided DNS until you find they do not meet your requirements.

    Using XG as the DHCP server, I am not sure of best practice, but I use limited ranges because I don't have 200 devices on my network and use static addressing. The reason for the static addressing is so I can use clientless device management in firewall rules, which makes device management easier because by changing group membership you can move devices into different rules within the same IP address range.

    Ian


  • Thanks Ian

    Back to my original question: please advise how I can block YouTube on devices connecting to Port 4 (Ubiquiti AP).



  • You need to change the services to http/s, enable application control and IPS to LAN to WAN. Enable check http etc while using the web proxy.

    The firewall rule needs to be at the top of the firewall list.

    Ensure the devices you wish to block have no access to other networks, e.g. LAN or SIM cards, so they stay within the blocking IP address range.

    After a couple of hours check logviewer using the IP address range to the network identity to ensure the traffic is only hitting the block firewall rule. You might need to restart your XG to break the existing connections and enforce the new firewall rules.

    Ian

    I also recommend blocking proxy and tunnels.


  • Hi Ian,

    Under Web Policy, I only see an option to add users / groups but not an IP range.

  • The range would be in the source network of the firewall rule.

    Ian


    Hi Ian,

    Have Web Policy for blocking YouTube as 

    but with this firewall rule, access to the Internet is denied to all websites




    Policy test results

  • You need to have another policy/ies that allows access and can be part of that rule. Your default action is to block everything.

    I also suggest you change your services to http/s.

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v20.0.2 MR-2

    If a post solves your question please use the 'Verify Answer' button.
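
The "default action blocks everything" problem from the last two posts, as an added example that is not part of the original thread and not Sophos code: a simplified Python model of a web policy attached to a firewall rule. The top-down rule matching, the category names, the host table and all identifiers are assumptions made for illustration.

```python
import ipaddress

# Simplified model (an assumption, not Sophos code): the firewall rule selects
# traffic by source network; its web policy then checks rules top-down and
# falls back to the policy's default action when no rule matches.
WIFI_NET = ipaddress.ip_network("10.1.1.10/24", strict=False)  # Port 4 range from the thread

# Constructed host-to-category table standing in for URL categorisation.
CATEGORIES = {"www.youtube.com": "video", "news.example.org": "news"}

BLOCK_YOUTUBE = {"name": "Block YouTube", "categories": {"video"}, "action": "block"}
ALLOW_REST = {"name": "Allow everything else", "categories": None, "action": "allow"}

# Policy as posted: one block rule and a default action of block.
AS_POSTED = {"rules": [BLOCK_YOUTUBE], "default_action": "block"}
# With the extra allow rule suggested in the reply, placed after the block rule.
WITH_ALLOW = {"rules": [BLOCK_YOUTUBE, ALLOW_REST], "default_action": "block"}


def evaluate(policy, src_ip, host):
    """Return (action, reason) for one web request under the model above."""
    if ipaddress.ip_address(src_ip) not in WIFI_NET:
        return ("not-matched", "source outside the rule's source network")
    category = CATEGORIES.get(host, "uncategorised")
    for rule in policy["rules"]:
        # categories=None means the rule matches any category.
        if rule["categories"] is None or category in rule["categories"]:
            return (rule["action"], "rule: " + rule["name"])
    return (policy["default_action"], "default action")


if __name__ == "__main__":
    for label, policy in (("as posted", AS_POSTED), ("with allow rule", WITH_ALLOW)):
        for host in ("www.youtube.com", "news.example.org"):
            print(label, host, evaluate(policy, "10.1.1.25", host))
```

A client outside 10.1.1.0/24 never reaches this policy at all, which is why the reply about keeping devices inside the blocked address range matters.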