
When I make a firewall rule to limit streaming services like YouTube and Netflix, my client PCs ignore the rule (wired and wireless).

When I make the rule, my client PCs are ignoring the rule that I just made. What am I doing wrong?

I am fairly new to the Sophos firewall.

 

  



This thread was automatically locked due to age.
  •  A few things I see.

    1. Your last image of firewall rules shows the WAN/WiFi as source for the "limit streaming" rule, but the screenshot of the rule itself shows LAN/WiFi as source. Just be sure that's correct because WAN/WiFi source won't touch things coming from LAN.
    2. Firewall rules are processed top-down and the first rule to hit is used. Your "limit streaming" is shown last, which means LAN clients will hit rule 2 and never get to rule 4.
    3. In your capture of the traffic shaping policy, you don't show that you selected the YouTube Video Streaming application, so we can only assume it was selected along with the other related YouTube stuff.

    A quick thing to check would be the Live Connections tab of current activities while a client is streaming. Find the YouTube Video Streaming in the list of apps, click the underlined "total connections" count to bring up the details and it will show you which firewall rule was applied to the traffic. If you can confirm it is hitting your "limit streaming" rule then we can dig down deeper.

    Gary
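
The top-down, first-match behaviour from points 1 and 2 above, as an added example that is not part of the original thread and is not Sophos code. It is a simplified model that matches only on zones and services; every rule except the name and position of "limit streaming" is constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

ANY = "*"  # wildcard in this simplified model

@dataclass(frozen=True)
class Rule:
    name: str
    src: frozenset                 # source zones
    dst: frozenset                 # destination zones
    services: frozenset            # service names, or {ANY}
    shaping: Optional[str] = None  # traffic shaping policy attached to the rule

def covers(outer, inner):
    """True if every value allowed by `inner` is also allowed by `outer`."""
    return ANY in outer or (ANY not in inner and inner <= outer)

def first_match(rules, src, dst, service):
    """Top-down evaluation: return (position, rule) of the first hit, or None."""
    for pos, r in enumerate(rules, start=1):
        if all(v in f or ANY in f for v, f in
               ((src, r.src), (dst, r.dst), (service, r.services))):
            return pos, r
    return None

def shadowed(rules):
    """(later, earlier) name pairs where an earlier rule fully covers a later one,
    so the later rule can never be hit."""
    pairs = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if (covers(earlier.src, later.src) and covers(earlier.dst, later.dst)
                    and covers(earlier.services, later.services)):
                pairs.append((later.name, earlier.name))
                break
    return pairs

fs = frozenset
# Constructed rule set; only "limit streaming" and its place below rule 2 come from the thread.
RULES = [
    Rule("rule-1-constructed", fs({"WAN"}), fs({"DMZ"}), fs({"HTTPS"})),
    Rule("rule-2-constructed", fs({"LAN", "WiFi"}), fs({"WAN"}), fs({ANY})),
    Rule("rule-3-constructed", fs({"DMZ"}), fs({"WAN"}), fs({ANY})),
    Rule("limit streaming", fs({"LAN", "WiFi"}), fs({"WAN"}), fs({"HTTP", "HTTPS"}), "limit"),
]
# Moving the shaping rule above the broad allow rule makes it reachable.
REORDERED = [RULES[3]] + RULES[:3]

if __name__ == "__main__":
    print(first_match(RULES, "LAN", "WAN", "HTTPS"))
    print(shadowed(RULES), shadowed(REORDERED))
```
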

  • Hi Gary Parr,

     

    When I make a rule that is before rule 2, I get this error message from my browser.

    To give you a rough description (because it is in Dutch): my connection is not protected.

    It says that Google has an invalid certificate.

    Error code SEC_ERROR_UNKNOWN_ISSUER

    So basically I am not allowed to go on the internet if it is set up like this.

    To go back to your point 3: I basically selected everything with YouTube in the name.

  • My guess is that the certificate error you are seeing is caused by a redirect to the captive portal. By default, XG uses SSL for the captive portal but the factory-installed SSL certificate is self-signed and not trusted. You can either replace the SSL certificate with a "real" one, import the Sophos CA so the self-signed becomes trusted, or you can disable HTTPS redirection for the captive portal. Other alternatives include removing the "known users" requirement for that rule or using a different authentication mechanism.

    Oh, it could also mean you have enabled decryption and scanning of HTTPS which uses the same self-signed cert causing the same untrusted issues.

    -Gary

  • Hi Gary,

    I can go on the internet now, but it still looks like my rule is getting ignored. Maybe one of my settings is wrong?

     

    -Cedric
