This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

HOw to block some users from all internet traffic

We have all internet browsing traffic going out our Astaro.  I would like to block some PCs from gaining access to the Internet.

For example, I set up a rule (testblocking.jpg)
Within this rule I have a DNS Group (testdeleteGroup.jpg) with my test machine in for now.  I have it blocking typical browsing protocols ( webSurfingGroup.jpg)

I placed this before my allow browsing rule.  I also placed at the top, and just for giggles at the bottom.

No matter where the rule is, the PC in the test blocking group can still browse the web with no issues.

ANy idea how to set this up so I can block a group of PCs from browsing the web?

THanks in advance
Dave

This thread was automatically locked due to age.

0 Danzer_Astaro over 12 years ago

Thanks to all who replied.
I got it working both ways (simple firewall rule with transparent mode skip list, and web filter proxy profile)
This way the supervisors can descide which way they want to deploy.

I had to use hard coded IP addresse (with a DHCP reservation) because a host entry would not resolve properly (the crux of it not working to begin with) . I have a case open with Astaro on that, but I'm not holding my breath on that getting resolved anytime soon though.

Thanks Again
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 12 years ago

If you aren't getting DNS resolution, you might want to consult: DNS Bet Practice.

Also, the key difference between DNS Host and DNS Group is that DNS Host only returns the first A-record if there are multiples, and DNS Group will grab all A-records in DNS.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel