Nesting of allowed Web Applications possible?

Hi,

Is it possible to nest web application rules?

Take this little Chart:

I would like to allow different applications to different users on the XG Firewall based on their user heartbeat.

So the idea is to create several rules for each application and put the apps inside each rule. Then put all the users that need it into this rule.

Currently my problem is that the first matching rule wins:
e.g. if I allow Office 365 to User A, he is only allowed to use Office 365 - nothing else.

This makes it very uncomfortable to keep track of changing user requirements, because I need almost one Web / Application Rule for each user.



  • I hope I'm wrong, but from the last conversations I had with support, "Nesting" rules are not possible because the management plane on Sophos XG is horrible.

    Let's say you have two rules for User A.

    1) Allow Facebook, Deny everything else.

    2) Allow O365, Deny everything else.

    By default XG will match everything on Rule 1; even if O365 is allowed on Rule 2, it will still be denied, since by default Rule 1 has a "Deny" all.

    The only way to do this is by having a single rule by user, that applies everything (All Apps/Web policies) for that user.
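
The first-match behaviour described in this thread and the single-rule-per-user workaround, as an added example that is not part of the original posts: a simplified Python model, not Sophos XG configuration syntax or API. The rule dictionaries, user names and function names are assumptions made for illustration; the model lets an admin keep the per-application user lists the question asks for and derive the merged rules from them.

```python
from collections import defaultdict

# Constructed sample: who needs which application (the admin-maintained view).
APP_GROUPS = {
    "Facebook": {"UserA", "UserB"},
    "O365": {"UserA", "UserC"},
}

# One rule per application, each with its own implicit "deny everything else".
PER_APP_RULES = [{"users": set(u), "apps": {app}} for app, u in APP_GROUPS.items()]


def first_match(rules, user, app):
    """Model of first-match evaluation: the first rule that lists the user
    decides, and later rules for that user are never consulted."""
    for rule in rules:
        if user in rule["users"]:
            return "allow" if app in rule["apps"] else "deny"
    return "deny"  # no rule lists this user


def per_user_rules(app_groups):
    """Invert {app: users} so each user lands in exactly one rule that
    carries every application that user is allowed."""
    apps_by_user = defaultdict(set)
    for app, users in app_groups.items():
        for user in users:
            apps_by_user[user].add(app)
    # Users with an identical application set can share one rule.
    users_by_apps = defaultdict(set)
    for user, apps in apps_by_user.items():
        users_by_apps[frozenset(apps)].add(user)
    ordered = sorted(users_by_apps.items(), key=lambda kv: sorted(kv[0]))
    return [{"users": users, "apps": set(apps)} for apps, users in ordered]


if __name__ == "__main__":
    merged = per_user_rules(APP_GROUPS)
    for name, rules in (("per-app rules", PER_APP_RULES), ("merged rules", merged)):
        print(name, "-> UserA/O365:", first_match(rules, "UserA", "O365"))
```

Because every user appears in exactly one merged rule, the result no longer depends on rule order.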
