This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Allowed Network performance

I was have around 180 locations that are going to access our UTM web protection and have the need to only allow half of the ip subnets because their is restricted access from som IP network.

Unfortunately we can not define a network with a mask 255.255.0.0 because of the restricted sites are mixed in-between.

I'm afraid that we will have to create 100 network with a mask 255.255.255.128 because of this and was wondering if this will cause any performance issues?  



This thread was automatically locked due to age.
Parents
  • Hans Petter, this is a question you should ask Sophos Support - please let us know what the official answer is.

    In fact, you would only need the /25 definitions for the sites that have IPs not allowed to use Web Filtering.  Just put those definitions in a Web Filtering Profile above one for the /16 subnet.  Accesses from sites with restrictions will never "see" the Profile for the /16 subnet.  I think you may already know that...

    You didn't mention what UTM you have.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • The issue that makes it more difficult is that these sites need access to two web pages.

    Is it possible to bloack all web pages except for two for the specific ip ranges?

     

    Hans  

  • Absolutely - just clone the 'Default content filter block action', rename it, add the two sites on the 'Allow These Websites' on the 'Websites' tab, activate Antivirus scanning and Save.  Assign this Filter Action to a Policy with empty 'User & Groups' in the new Profile and activate it.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • Absolutely - just clone the 'Default content filter block action', rename it, add the two sites on the 'Allow These Websites' on the 'Websites' tab, activate Antivirus scanning and Save.  Assign this Filter Action to a Policy with empty 'User & Groups' in the new Profile and activate it.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data