This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Blocking intermet access during a time frame

Hello,

I'm new to the Sophos UTM and trying to find howto block internet access for certain devices on the network in a time period. I can identify them by IP address and mac address. Have created a network list with hese devices.

After that created a web filter profile, put the network list in allowed networks and added a policy (no user and based on the default content filter block action) and a time event schedule.

After saving all this and enabling it, the blocking works partly but:

1. It blocks traffic all the time for the devices in the network list without regards for the time event schedule. So seems that it doesn't look at the event schedule at all.
2. Someone on the blocked devices is getting a blocking screen and the option to overide this after logging in with a user account. I don't want to offer the option to overide this, so how can I disable this?
3. Several messaging applications like whatsapp are working, regardless of the blocking rules in webfiltering. So it looks like webfiltering is not blocking everything at all? How can I accomplish this?

This thread was automatically locked due to age.

Parents

0 BAlfson over 9 years ago

why is a policy that I created inside a new web filter profile and made just for that profile added to the overall default web filter as a policy and enabled

Policies are available across all Profiles, but I've never seen one activated in other Profiles when activated in one.

Anyway, this does not seem to work.

It definitely works, but without "the line from the Web Filtering log file where the access was passed and the expression you think should have blocked it," we can't guess what question you didn't ask about the configuration.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel
0 gcraenen over 9 years ago in reply to BAlfson

Yes, off course.

Just opened the web filtering log and wow there is lot. I don't really know how the find anything in there. I guess I first have to find out how make this "wave of lines" more humanly readable [:)] with the help of some tooling.

So to make it more precise, you're looking for lines with the src address of the client where access should be blocked, but is actually going through?

How can I recognise the last part of this in the log, is there a keyword I can use to search on next to srcip=x.x.x.x?

Policies are available across all Profiles, but I've never seen one activated in other Profiles when activated in one.

It definitely works, but without "the line from the Web Filtering log file where the access was passed and the expression you think should have blocked it," we can't guess what question you didn't ask about the configuration.

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 gcraenen over 9 years ago in reply to BAlfson

Yes, off course.

Just opened the web filtering log and wow there is lot. I don't really know how the find anything in there. I guess I first have to find out how make this "wave of lines" more humanly readable [:)] with the help of some tooling.

So to make it more precise, you're looking for lines with the src address of the client where access should be blocked, but is actually going through?

How can I recognise the last part of this in the log, is there a keyword I can use to search on next to srcip=x.x.x.x?

Policies are available across all Profiles, but I've never seen one activated in other Profiles when activated in one.

It definitely works, but without "the line from the Web Filtering log file where the access was passed and the expression you think should have blocked it," we can't guess what question you didn't ask about the configuration.

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data