Thread Info
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Best approach on (time scheduled) block internet access for specific hosts but allow (or block) others on demand

Kostas Backas1

Hello,

We've been asked to block internet access during a specific time for some devices, and I guess we can do it via MAC or IP hosts. However, this first question came up:

What if the "blocked" clients use other device to access internet? How can we give access (or block access) to a specific device that is not part of the known network?

 

Best regards

Kostas



This thread was automatically locked due to age.
  • 0

    Hi Kostas,

    The easiest way is to use Authentication. That way it wouldn't matter which device the user tries to access the Internet from, they will be restricted. 

    1. Create a schedule of when you want the devices to be limited. System > Profiles > Schedule

    2. Apply this schedule to a web filter policy. If you would like to apply it to the same web filter policy that you use for everyone, clone that policy and under 'Constraints' select the schedule you created

    2. Create an additional firewall rule for the group of users who you don't want to be able to access the Internet during specific times.

    Specify those users under Identity > Match Known Users 

    3. Add this additional firewall rule ABOVE your existing LAN->WAN policy for everyone

    Hope that helps.

    Cheers,
    Karlos

     

    Karlos
    Community Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.
    • 0

      Hi Kostas,

      For a visual, here's a youtube video you can watch on this topic:  https://www.youtube.com/watch?v=q0GwtPLS0nk

      Cheers,

      Karlos

      Karlos
      Community Support Engineer | Sophos Technical Support
      Knowledge Base  |  @SophosSupport  | Sign up for SMS Alerts
      If a post solves your question use the 'This helped me' link.