Advisory: Support Portal Maintenance. Login is currently unavailable, more info available here.
New XG deployment (SFOS 18.0.4).
I created a few web policies so that we can control what websites authenticated users can go to. Seems to work fine.
I have about a dozen servers (some linux but most Windows) that run Services. The services will run even if I reboot the server but don't log into it. This is by design. I want/need to make sure that these servers are always able to communicate out to the Internet if required. I don't want to have to log into the server as a user, just so the server can get out to the internet. Is there a way to exclude hosts (servers) from having to authenticate with the firewall?
(FWIW: I believe in UTM a solution was to add the servers to the Transparent Mode Skiplist.)
You essentially can copy/paste the option of UTM by creating a Firewall rule with source hosts your servers and WAN ANY.
The servers will bypass the entire proxy.
Coming next should be a LAN to WAN Rule…
Are those system in the same subnet as your current network? Then place a Firewall rule above your proxy firewall (LAN to WAN) and tell XG to no use a webfilter in this firewall rule.
Yes the servers are in the same subnet as my workstations. If I create a rule that does not use a web filter and place it higher in the list, wouldn't ALL hosts (workstations and servers) use that rule?
Coming next should be a LAN to WAN Rule to pickup every client.
XG uses a first match rule.
Filtering criteria are: Source IP, Destination IP, Service.
Source IP can be: Username (matched to a IP), IP Address, Network Zone.