This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Web Filtering Policies based upon IP Address

I am in the process of migrating from a SonicWALL TZ215 to Sophos UTM9 for my home network.  The first issue I am having is in recreating my web filter policies.  I have 3 classes of machines on my network.  

  • Nodes that can browse anywhere
  • Nodes for kids that are restricted
  • Nodes that should not be allowed to browse at all

On my SonicWALL it was very easy to simply set up IP ranges and assign different policies to them.  Then anyone in that range automatically had that policy.  So all of my DHCP reservations and static assignments have nodes grouped into appropriate ranges for different policies.

I am trying to recreate this on Sophos but so far, have had no luck.  This is a home network so no AD.  I also do not want users to be required to authenticate.  I just need a policy auto applied to certain IPs.

Is this possible?  I'm not having much luck figuring this out.  Thanks in advance.



This thread was automatically locked due to age.
Parents
  • In short...;)

    First, change Default Web Filter Profile:
     - Allowed Networks (Nodes that should not be allowed to browse at all).
     - In Base Policy select "Default content filter block action".

    Second, create new Web Filter Profile "Kids Profile":
    - Allowed Networks (Nodes for kids that are restricted), Operation mode Transparent, Default authenticaton - None.
    - Add policy "Kids Policy", leave Users/Groups empty, and create new filter action "Kids Filter Action", specifying desired restrictions.

    Third, create new Web Filter Profile "No restriciton Profile":
    - Allowed Networks (Nodes that can browse anywhere), Operation mode Transparent, Default authenticaton - None.
    - Add policy "No restriction Policy", leave Users/Groups empty, and create new filter action "No restriction Filter Action", specifying desired restrictions. Make sure that this profile is listed above "Kids Profile".

    Make sure also that all of the web filter profiles are activated (green button on the left), and that in each of the web profiles only policy created for that profile is activated (green).

  • Awesome thank you. I am getting closer! I went ahead and defined my ranges. The problem is when I try to assign them to the web filter profile allowed networks, it doesn't let me. I can assign other built-in objects but any of my defined ranges, when I drag them over they just shoot back to the other side. What are the requirements for these objects?
  • Actually I just found this in the manual: Network range objects cannot be used with every network configuration throughout WebAdmin. For more information about network range objects, see section Where Network Range Objects Can Be Used.

    Strange. So I guess I need to redefine my objects as actual subnets?
Reply
  • Actually I just found this in the manual: Network range objects cannot be used with every network configuration throughout WebAdmin. For more information about network range objects, see section Where Network Range Objects Can Be Used.

    Strange. So I guess I need to redefine my objects as actual subnets?
Children
  • I think I got it. Out of curiosity, why does the order of filter profiles matter if they are all locked down to allowed networks? What happens if there is allowed network overlap? Most restrictive wins?

    Also, what happens if there are nodes that do not match and allowed networks (for base or any). Are they denied access or they end up bypassing the webfilter entirely?