Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 10 replies
  • Answers 1 answer
  • Subscribers 27 subscribers
  • Views 935 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Rules are not applied correctly

Catalin Olteanu

Hi,

I'm using SFOS 18.0.1 MR-1-Build396. I need to block the youtube traffic for a MAC address between some hours and for others not For this I've been using a time scheduler, an application filter to allow the traffic and with a lower precedence a drop rule for all media streamers.
Rule 3 should be active using a time scheduler and allow youtube only then;
Rule 4-5 should be applied for some other mac addresses and allow vimeo and youtube, all the time;
Rule 6 should block all media streaming;



Here are the dumps:















This thread was automatically locked due to age.

Top Replies

  • +1 suggested

    Hi Catalin,

    I have had a quick look at your rules and can see a number of holes.

    a summary of blocking access

    1/. You need a block rule times

    2/. you need an equivalent allow rule times

    3/. you need to block access to that site/s in every other rule.

    4/. you will need to reduce your use of any service too specific services.

    5/. and where possible avoid using a generic internet access rule because all traffic will eventually find it way there.

    Those are some thoughts for you until I can look on a bigger screen or some other forum members add to your thread.

    ian 

    Jump to answer
Parents
  • 0

    Hu Catalin,

    rule 6 (really rule #9 if reviewing in log viewer) blocks nothing, it is an allow all rule.

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    Even seems an allow all rule, the filter is a deny all.

    I've been done more searches and I was able to isolate a bug like:

    In case of a rule that combines (LAN[MAC1, MAC2],Application filter)->WAN, sophos makes an "OR" between [MAC] filter result and the Application filter, capturing all the traffic from that MAC(in this case youtube, but also other forbiden traffic).

    However, this is not the only one

  • 0 in reply to Catalin Olteanu

    Hi Catalin,

    you would have to disable the web exceptions for that to work successfully.

    ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

Reply Children