Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 7 replies
  • Answers 2 answers
  • Subscribers 27 subscribers
  • Views 3309 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to allow IP list to access internet

Sophosness

Hi, would appreciate some help.

I assign IP addresses to all devices at home. I would like to allow a list of IP hosts on LAN to be able to access the internet WAN at any time. I want to be able to easily add or delete IP addresses from this list. So the idea is if my kids won't do chores then I simply remove them from this list and add them back again after the complete their chores. The only thing they fear is not having internet.

Thank you.

SG-115 Rev A

Firmware SFOS 18.5.1 MR-1-Build326



This thread was automatically locked due to age.
Parents
  • 0

    Hi,

    I use clienteles users in groups, without deleting any deltails you just change the clinelyess entry to inactive and no internet access is the result.

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    Thanks for your reply although I do not understand what you said. But I will try to search it up.

    SG115 Rev2 | NEXCOM DNA 120 | Intel Atom E3827 Bay Trail Dual Core 1.7GHz | 8GB DDR3 | 64GB SSD | Totally no idea what I was doing!

Reply Children
  • 0 in reply to Sophosness

    I will expand. I assign each device a static IP address using its name, then create a clientless user for each device and add them to groups like kids, IoT, VoIP, mobiles, Parent etc.

    You can change the status of a clientless user which disables the devices internet access. Also clientless users groups allow you to create specific firewall rules for device (users) access to application and web sites.

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    Hi, I can issue static IP based on MAC for most devices but my kids mobile phones and devices can randomise MAC addresses. My thinking is to always allow full access to selected static IPs/MACs and to restrict other IPs. Is that possible?  

    SG115 Rev2 | NEXCOM DNA 120 | Intel Atom E3827 Bay Trail Dual Core 1.7GHz | 8GB DDR3 | 64GB SSD | Totally no idea what I was doing!

  • 0 in reply to Sophosness

    Hi,

    disable the random mac generation function when at home at least. The kids will bypass the firewall anyway regardless of security you implement. They will setup hotspots to bpass your firewall settings.

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    The good thing about my location (new housing estate) is there is no reliable mobile coverage and my fibre broadband is the only way to get fast internet so no hotspotting opportunities. I still do not know how to overcome the ramdom MAC issue except to create a rule to allow unrestricted internet access for static IPs (in range 192.168.1.10 to 192.168.1.100) and restrict any dynamic IPs above 192.168.1.101. Is that possible?   

    SG115 Rev2 | NEXCOM DNA 120 | Intel Atom E3827 Bay Trail Dual Core 1.7GHz | 8GB DDR3 | 64GB SSD | Totally no idea what I was doing!

  • 0 in reply to Sophosness

    Hi,

    yes, it is possible, you create a network of the range you wan to allow and use that in the firewall rule. Though your plan to block an IP will fail because the device will allocate a new MAC andi get a new IP address if restarted after you block the original IP. Disable the MAC function on the phones, create cleintless users/ fixed IP based the device default MAC address and tell the kids not to change the setting because they will not get internet access if they do.

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?