Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 6 replies
  • Answers 1 answer
  • Subscribers 42 subscribers
  • Views 37689 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Content Filter Bypass and IP Address Exclusion

jprez1980

Hello All -

I plan to install the Sophos XG Home version in the next few days - years ago I had UTM 9 on a SG105 device and was able to have this function setup and was working great (until my broadband speed exceeded the power of the SG105 that is but thats another topic...)

Two quick questions please:

1)  How does one configure the content filter to restrict certain categories for all users and if a site is accessed that is blocked, allow a user to login to bypass the restriction?  We want to avoid having users login 100% of the time...so only login if a particular site is filtered and then allow that user to login to bypass it temporarily if that user's permissions allow.

2)  Certain devices need to bypass the filter altogether - i assume this is best accomplished by either mac address or static DHCP IP - how is this configured in the new GUI of XG?

Thanks all!



This thread was automatically locked due to age.
Parents
  • 0
    Jprez,


    for the first question you can create a Policy rule where you allow all web contents where no authentication is required for all you internal networks; second create a Policy rule where blocked categories are only allowed for certain users.

    For the second question, you can create clientless users and create a Policy rule where this "users" can bypass any filter. On clientless you can map only IP otherwise you can create a MAC host and create policy rule where the source host is the MAC host you created previously.

    Luk
  • 0 in reply to lferrara
    Thanks - this really helps. Based on what I've read (and the few videos I've found on YouTube it sounds like the GUI has significantly changed from the days of UTM 9. I did a google search but wasn't able to find a User Guide for Home XG - happen to know if that exists or some sort of more detailed walkthrough?

    Thanks
Reply
  • 0 in reply to lferrara
    Thanks - this really helps. Based on what I've read (and the few videos I've found on YouTube it sounds like the GUI has significantly changed from the days of UTM 9. I did a google search but wasn't able to find a User Guide for Home XG - happen to know if that exists or some sort of more detailed walkthrough?

    Thanks
Children
  • 0 in reply to lferrara
    Hi Luk - appreciate your replies, I also have the same question as being referenced above and also for a home license. Are you able to provide more in depth steps or screens perhaps? It looks as though user portal or user account creation is also required for this bypass item to work properly. I can't find any videos or steps from "soup to nuts" to get this to work - any ideas? -- Thx
  • +1 in reply to MarkRogers

    Mark,

    Sophos are going to publish new video soon. Anyway I can post some screenshot about how to create clientless users and additional web filters.

    So to create web filter see screenshot "Create Web Filter". In this way you can create 2 additional web filter, where the first will be used to allow website to all users while the second will be used to allow access only to authenticated users.

    Once Web filters are created, make sure to create to Policy Rule. The first is a user rule where you allow HTTP & HTTPS traffic to all users that need to access blocked website. Here make sure to set the proper Web Filter inside the rule. See screenshot "Web Filter".

    After this rule create a network rule where you allow HTTP&HTTPS traffic to all internal devices and use the other Web Filter created.


    Clientless users can be added as "users" and can be created under Objects > Indentity > Clientless.


    Also make sure to modify the Authentication Service. See "Authentication Services"

    Luk

Unfiltered HTML