
Content Filtering - Is this possible with XG Firewall?

Hello,

 

I'm in the process of moving over from Untangle to Sophos XG and seem to be at a loss on how to move forward.   In Untangle, you had the concepts of "server racks" - you could map a given device by IP, MAC Address, UserName or some other qualifier.   As a result, we would have three racks:   General,  Restricted for Kids, and Unrestricted.    

All traffic not specifically grouped in Restricted for Kids or Unrestricted would fall into the default rack of "General".   

 

Does that same concept apply to XG Firewall? I'm trying to avoid the use of usernames and passwords - grouping restrictions by device MAC and/or IP is my preference. How do you group devices that are not in a given list to fall into the General category, as an example?

 

Thanks



  • Hi,

     

    In Untangle, you had the concepts of "server racks" - you could map a given device by IP, MAC Address, UserName or some other qualifier.

    You can use "Clientless Users" to map an IP address to a username (user) to be used in the firewall rules.

     

    What you can do is create all necessary "Clientless Users", and apply firewall policies with filtering on them, and at the bottom of those policies, you can create another firewall policy but for unauthenticated users.

    So on this one, all unauthenticated users, or unknown users, will fall to a single rule with the filtering you want, while all other authenticated users can be filtered separately from the unknown users.

    Example:

    Here's the Rule #6 with a "Clientless User".

     

    Thanks!

  • Hmmm - I may need to play around with that to see if that will work but thank you.   I'm assuming there will be an issue as there wouldn't be any authenticated users - the MAC address of the devices would determine which category/filtering would apply to them except for when a MAC address isn't known - that would seem to fall under unauthenticated users but I'd still need to address the other two groups somehow (Unrestricted and the Kids profile) both of which don't have usernames/authenticate.  Any ideas there?

     

    Thanks again 

  • Sorry, I didn't say that correctly: those users will be authenticated with their IP addresses. There's no need to authenticate manually with usernames/password on the devices.

    You will first need to map its MAC address to a static IP, then you can create a clientless user with it.

    When you do this, you will be able to create rules and filter traffic based on individual or multiple users. Then, as shown in the rule above, you can create another rule just for unauthenticated users, and filter in the way you want.

    jprez1980 said:
    that would seem to fall under unauthenticated users but I'd still need to address the other two groups somehow (Unrestricted and the Kids profile) both of which don't have usernames/authenticate.  Any ideas there?

    With clientless users you will be able to filter the kids' devices separately from the unauthenticated and the unrestricted ones, as shown above.

     

    Also, it's better for you to try creating a clientless user and then create a firewall policy; then you will understand how it works.

     

    Thanks!
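
The three steps described in this thread (static MAC-to-IP mapping, clientless users, identity rules above a catch-all rule) can be modelled as below. This is an added example, not part of the original posts and not Sophos XG code or its API; every MAC, IP, user name and rule name in it is constructed for illustration, and first-match, top-down rule evaluation is assumed.

```python
# Conceptual model only (assumption): first-match, top-down rule evaluation.
# Not Sophos XG code; all MACs, IPs, user and rule names are constructed.
import ipaddress

# Step 1: static leases bind each known MAC to a fixed IP.
STATIC_LEASES = {
    "aa:bb:cc:00:00:01": "192.168.1.10",  # kid's tablet
    "aa:bb:cc:00:00:02": "192.168.1.20",  # parent's laptop
}

# Step 2: clientless users bind an IP to a user and group, with no login.
CLIENTLESS_USERS = {
    "192.168.1.10": ("kid-tablet", "Kids"),
    "192.168.1.20": ("parent-laptop", "Unrestricted"),
}

# Step 3: identity rules first, then one rule for unauthenticated traffic.
# group=None marks the rule that does not match on identity (the catch-all).
RULES = [
    {"name": "kids-rule", "group": "Kids", "filter": "Restricted for Kids"},
    {"name": "unrestricted-rule", "group": "Unrestricted", "filter": "Unrestricted"},
    {"name": "general-rule", "group": None, "filter": "General"},
]

def lease_ip(mac, pool_ip):
    """Address a device receives: its static lease if one exists, else a pool IP."""
    return STATIC_LEASES.get(mac.lower(), pool_ip)

def match_rule(src_ip):
    """Return (rule name, filter, user) for traffic coming from src_ip."""
    ipaddress.ip_address(src_ip)  # raises ValueError on malformed input
    user, group = CLIENTLESS_USERS.get(src_ip, (None, None))
    for rule in RULES:
        if rule["group"] is None or rule["group"] == group:
            return rule["name"], rule["filter"], user
    raise LookupError("no rule matched: the catch-all rule is missing")

def filter_for_device(mac, pool_ip):
    """Filter a device ends up with, given its MAC and the pool IP it would get."""
    return match_rule(lease_ip(mac, pool_ip))[1]

if __name__ == "__main__":
    print(filter_for_device("AA:BB:CC:00:00:01", "192.168.1.150"))  # known kid device
    print(filter_for_device("aa:bb:cc:00:00:99", "192.168.1.151"))  # unknown device
```

A device whose MAC has no static lease receives a pool address, matches no clientless user, and therefore lands on the general rule, which is why the MAC-to-IP mapping has to be done first.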