Sophos endpoint security block

Dear Sir,

We are testing Sophos Enterprise Console version 5 and we have come across the scenario below:

A user connects to the internet from outside using a USB dongle. Once connected to the internet, we have to block browsing and everything except VPN access. Once the VPN is connected, he has to browse as per the office network security policy which is defined in the management console. So kindly advise how to develop this type of scenario policy. Our aim is that only after connecting to the VPN server is he able to browse and use other things like file sharing etc.

Thanks for your support in advance.

Thanks N regards,

Magesh Kumar .P

:23451


This thread was automatically locked due to age.
  • We need further clarification on configuring the firewall policy as dual location. Our firewall policy configuration is as follows:

    We created the policy as a roaming policy, and in that we configured Dual location mode. The primary location is our own network (our domain IP address is added here) and the secondary location is outside our network.

    In Primary Location configuration:

    In the configuration - General tab, Working mode is selected as Allow by default

    Blocking, Reporting and Desktop messaging check boxes are selected.

    ICMP: Everything is unchecked.

    LAN settings: We have configured our domain network IP address series with the domain name. Area is local, and the NetBIOS and Trusted check boxes are checked. The Block file and printer sharing for other networks option is checked.

    Global Rules:

    Allow loopback TCP connection

    Allow GRE protocol

    Allow PPTP control connection

    Allow loopback UDP connection

    Block RPC call (TCP)

    Block RPC call (UDP)  - select boxes are checked.

    The Secondary location configuration is as follows:

    Configure - General tab - Working mode as Block by default

    Blocking, Reporting and Desktop messaging check boxes are selected.

    In the ICMP tab -

    Echo Reply - In is checked

    Destination Unreachable - In & out checked

    Echo request - Out is checked

    Router advertisement - In is checked

    Router solicitation - Out is checked

    Time exceeded - In is checked

    In the LAN tab - Nothing added, and Block file and printer sharing for other networks is also unchecked.

    We tested dual location on a test PC and we got the results below:

    1. Out of our network - We connected to the internet using a USB dongle, but we can't block browser access in the Windows 7 operating system.

    2. Also, we connected the VPN dialer to connect to our domain network; after connecting VPN access, only able to access web browsing and everything.

    So how do we fix or reconfigure dual location for our setup?

    Thanks N regards,

    Magesh Kumar .P

    :23785
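
An added illustration, not part of the original post and not Sophos code: a simplified first-match model of the dual-location policy described above, showing which constructed flows each location is meant to allow or block. The port numbers (PPTP control on TCP 1723, RPC on 135), the rule ordering and the ICMP handling are assumptions of this model, not the behaviour of the Sophos rule engine.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    proto: str       # "tcp", "udp", "gre" or "icmp"
    direction: str   # "in" or "out"
    remote: str      # remote IP address
    dport: int = 0   # destination port (TCP/UDP) or ICMP type

# ICMP boxes ticked in the post, as (direction, ICMP type) pairs.
SECONDARY_ICMP = {("in", 0), ("in", 3), ("out", 3), ("out", 8),
                  ("in", 9), ("out", 10), ("in", 11)}
LOCATIONS = {  # name -> (working-mode default, ticked ICMP pairs)
    "primary": ("allow", set()),
    "secondary": ("block", SECONDARY_ICMP),
}

def global_rule(f):
    """Global rules from the post, checked in the order listed (assumed first match)."""
    if f.proto in ("tcp", "udp") and ipaddress.ip_address(f.remote).is_loopback:
        return "allow"   # Allow loopback TCP/UDP connection
    if f.proto == "gre":
        return "allow"   # Allow GRE protocol
    if f.proto == "tcp" and f.direction == "out" and f.dport == 1723:
        return "allow"   # Allow PPTP control connection (assumed TCP 1723)
    if f.proto in ("tcp", "udp") and f.dport == 135:
        return "block"   # Block RPC call (assumed port 135)
    return None

def decide(flow, location):
    default, icmp_ok = LOCATIONS[location]
    if flow.proto == "icmp":  # model assumption: ICMP follows only the tick boxes
        return "allow" if (flow.direction, flow.dport) in icmp_ok else "block"
    return global_rule(flow) or default

# Constructed sample flows (documentation addresses, not from the post).
SAMPLES = {
    "browser http": Flow("tcp", "out", "203.0.113.10", 80),
    "dns lookup": Flow("udp", "out", "203.0.113.53", 53),
    "pptp control": Flow("tcp", "out", "198.51.100.5", 1723),
    "pptp gre": Flow("gre", "out", "198.51.100.5"),
    "ping out": Flow("icmp", "out", "203.0.113.10", 8),
    "ping in": Flow("icmp", "in", "203.0.113.10", 8),
    "rpc in": Flow("tcp", "in", "203.0.113.10", 135),
}

def evaluate(location):
    return {name: decide(f, location) for name, f in SAMPLES.items()}

if __name__ == "__main__":
    for loc in LOCATIONS:
        print(loc, evaluate(loc))
```

In this model the secondary location also blocks DNS, so the VPN endpoint would need to be reached by IP address unless a DNS rule is added.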