
Allowing All Web Traffic Except Social Media Sites

Hi All,

Is there anybody who can help me create some specific firewall rules which will allow all web traffic except social media sites?

 

 

Thanks,

Asheer Hasan



  • Hi,

    Please provide a more detailed request. Also, are you a home or business user?

    Also recommend you search the KBA for assistance so you learn more about your security device.

    Ian

  • Hi Ian,

    Thanks for your prompt reply. I am a business user of Cyberoam, but we're going to move to SOPHOS soon. The point below will give you a clear picture of my requirement.

    1: I have to allow all web traffic for one department except social media sites, but there is one challenge in this: LinkedIn traffic should be allowed and accessible for all users in that department.

    I hope you understand my requirements and can assist me with the same.

     

    Thanks,

    Asheer

  • Hi,

    I can give you some rough guidance, but I suspect you will be better off calling in a specialist or at least your reseller.

    Assumption: you are using an AD to authenticate your users.

    You will need a couple of firewall rules based on your authentication groups.

    You will need some web policies and application policies.

    From here I can only guess what other software you will need.

    Ian

  • Yes, you can configure it like this.  There are a few different ways to do it.

    One way would be:

    A single firewall rule for all HTTP/HTTPS traffic, with match known users, show captive portal, applies to all.  Then select a specific Web Policy.

    Within the Web Policy have

    Applies to: HR Department   Category: Job Search   Action: Allow
    Applies to: All Users   Category: Job Search   Action: Block

    The policy is read top-down.  So anyone in HR has access to Job Search.  Or LinkedIn.  Or whatever.

    To be more specific you can create a URL group or Custom Category for LinkedIn, containing the domains you want to allow.  Then in the first rule, include that.  In the second rule, Block all Social Networking and Job Search (or whatever categories).

     

    One of the main differences is that in Cyberoam, all user/group selection is done in the firewall rule.  Although Sophos XG supports that (and you will be migrated to that if you perform an upgrade), XG also supports a more powerful set of user/group matching within a single web policy.
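
The top-down evaluation described in the reply above can be checked offline before touching the appliance. The following is an added example, not part of the original thread and not Sophos code: a small first-match model in which the category table, the host names and the `Rule`/`evaluate` names are all constructed assumptions.

```python
from dataclasses import dataclass

# Constructed category table; a real appliance uses the vendor's URL database.
CATEGORY = {
    "www.linkedin.com": "Social Networking",
    "www.facebook.com": "Social Networking",
    "jobs.example.test": "Job Search",
    "www.example.org": "General",
}
LINKEDIN_GROUP = frozenset({"linkedin.com"})  # custom URL group (hypothetical contents)

@dataclass(frozen=True)
class Rule:
    users: str                        # a group name, or "All Users"
    categories: frozenset = frozenset()
    url_group: frozenset = frozenset()
    action: str = "Block"

def in_url_group(host, group):
    # Match the domain itself or a true subdomain; "notlinkedin.com" must not match.
    return any(host == d or host.endswith("." + d) for d in group)

def evaluate(policy, user_groups, host, default="Allow"):
    """Return (action, index of the first matching rule), reading top-down."""
    category = CATEGORY.get(host, "Uncategorized")
    for index, rule in enumerate(policy):
        if rule.users != "All Users" and rule.users not in user_groups:
            continue
        if category in rule.categories or in_url_group(host, rule.url_group):
            return rule.action, index
    return default, None              # nothing matched: the policy's default action

ALLOW_LINKEDIN = Rule("HR Department", url_group=LINKEDIN_GROUP, action="Allow")
BLOCK_SOCIAL = Rule("All Users",
                    categories=frozenset({"Social Networking", "Job Search"}))

GOOD = [ALLOW_LINKEDIN, BLOCK_SOCIAL]   # exception first, broad block second
BAD = [BLOCK_SOCIAL, ALLOW_LINKEDIN]    # same rules, wrong order

if __name__ == "__main__":
    for name, policy in (("GOOD", GOOD), ("BAD", BAD)):
        for groups in ({"HR Department"}, {"Sales"}):
            for host in CATEGORY:
                action, idx = evaluate(policy, groups, host)
                print(f"{name:4} {sorted(groups)[0]:14} {host:18} {action:5} rule={idx}")
```

With the rules reversed, the broad block matches first and the LinkedIn exception is never reached, which is the ordering mistake this model makes visible.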

  • Hi Micheal,

     

    Thank you so much for your reply. I will try to implement the same and update you with the results.

  • That would need you to create a web policy.

    A web policy that would block every social networking site.

    You can go to Web>Policies on the XG interface

    Select "Add" at the top to create a new policy and select the category of sites you want to block.

    Default action should be left at "Allow HTTPS" (because if you block it, you will be blocked from any site if that policy is enacted on your firewall)

     

    Next is, create a LAN to WAN firewall rule (network, or user rule. Depends. Since you want to group, and not make it happen over your network, then...)

    Then, choose the web policy you created earlier, enable logging and save at top.

    This would definitely allow all traffic from your network to the internet except from those who want to visit social media sites.