
How to block internet access and allow the FaceTime application only.

Dear all,

Please share your expertise on the following:

How to block internet access and allow the FaceTime application only on a specific subnet using a Sophos XG 230 firewall.



  • Hi Shoukat Ali,

    You can block it via an Application Filter policy; you can check out the How-To videos for Web/App control here for configurations. You can also block it at the IP address level if the application filter doesn't help.

    According to what I found, there are three ranges of IPs that iMessage/Facetime uses and needs to be allowed/blocked:
    17.173.0.1 to 17.173.255.255
    17.178.0.1 to 17.178.255.255
    17.133.0.1 to 17.133.255.255

    These are large IP ranges and likely contain services that you still want to use (i.e. App Store). Here, explicitly ALLOW the following range to enable the App Store:
    17.173.65.1 to 17.173.65.255

    For this, you need to create a User/Network Rule, place it at the TOP, create new definitions/objects for the IP ranges and add them in the Destination Networks option inside this new rule. Allow the action and it will do the job.

    You need another firewall rule with the action defined as DROP, placed below the above-mentioned rule, with Source: ANY > Services: ANY > Destination: ANY.

    Thanks,
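
The rule ordering described in the reply above, modelled as first-match evaluation. This is an added example, not part of the original post and not Sophos configuration syntax; the rule names, the tuple layout, the implicit default and the sample destination addresses are assumptions made for illustration, while the IP ranges are the ones quoted in the reply.

```python
import ipaddress

# Inclusive ranges exactly as quoted in the reply above.
FACETIME_RANGES = [
    ("17.173.0.1", "17.173.255.255"),
    ("17.178.0.1", "17.178.255.255"),
    ("17.133.0.1", "17.133.255.255"),
]
APP_STORE_RANGE = ("17.173.65.1", "17.173.65.255")


def to_networks(ranges):
    """Expand inclusive start-end ranges into the exact CIDR blocks they cover."""
    nets = []
    for start, end in ranges:
        nets.extend(ipaddress.summarize_address_range(
            ipaddress.ip_address(start), ipaddress.ip_address(end)))
    return nets


# Hypothetical rule table: (name, action, destination networks or None for ANY).
ALLOW_APPLE = ("allow-apple", "ALLOW",
               to_networks(FACETIME_RANGES + [APP_STORE_RANGE]))
DROP_ALL = ("drop-all", "DROP", None)
RULES = [ALLOW_APPLE, DROP_ALL]          # order from the reply: allow on top


def evaluate(rules, dst_ip):
    """Return (action, rule name) of the first rule whose destination matches."""
    dst = ipaddress.ip_address(dst_ip)
    for name, action, nets in rules:
        if nets is None or any(dst in net for net in nets):
            return action, name
    return "DROP", "implicit-default"    # assumption: no match means drop


if __name__ == "__main__":
    # Constructed sample destinations, not taken from the thread.
    for ip in ("17.173.65.10", "17.178.12.34", "17.173.0.0", "8.8.8.8"):
        print(ip, evaluate(RULES, ip))
    # With the order reversed, the DROP rule shadows the allow rule.
    print("reversed:", evaluate([DROP_ALL, ALLOW_APPLE], "17.173.65.10"))
    print("CIDR blocks in first range:", len(to_networks(FACETIME_RANGES[:1])))
```

Each quoted range starts at `.0.1`, so it expands to 16 CIDR blocks rather than a single /16, and an address such as `17.173.0.0` falls outside the allow rule.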

  • Dear sachingurung,

    Please help in solving the above issue.

  • Hi Shoukat Ali,

    You can refer to page 307 of the Administrative guide here to create/add a user/network firewall rule.

    Thanks

  • Hi sachingurung,

    Thanks for your reply.

    I have already created a firewall rule as follows:

    First I created an application policy and denied all applications in the application policy rule. Then I allowed the FaceTime application, infrastructure applications, HTTP and the iCloud application in the policy.

    Then I applied the newly created application policy in the firewall rule under Application control and selected deny all web traffic under web control.

    The result is that the FaceTime application is working and the rest of the web traffic is blocked.

    But there is still a problem... FaceTime video quality is poor and FaceTime gets stuck during video calls.

    Please support in this regard if you can.

    BR,

    Shoukat Ali

  • The quality could be poor due to bandwidth or IPS. Multiple factors can be associated with it. The simplest approach first: provide a particular guaranteed bandwidth value that the FaceTime application can use; refer to https://community.sophos.com/kb/en-us/123062

    Thanks,
