custom network policies not working

Hi All,

I'm new to XG firewall home edition. I'm moving from Sophos UTM home edition to XG home edition. My UTM hardware is old and starting to fail, so I'm replacing my hardware and upgrading to XG.

I'm having problems with network policies. I have created specific network policies for testing and none of them seem to be working.

For example, I created an explicit content policy and put it at the top of the list. But I can still access adult sites.

Not sure if I have the configuration set up correctly, or if I have to rebuild and start from scratch. Any info is appreciated.

Thanks,

Marty



  • Hi and welcome,

    You can put the explicit block in your general access policy. I have one that works on a lot of sites, but not as well as the UTM version. There is another thread about the site classification failure compared to the UTM.

    Now the logic for the traffic flow is the reverse of what a normal person would think (in my opinion anyway). The source is your network, the destination is the web, and don't forget the MASQ rule.

  • Thanks for the follow-up RFCat_VK.

    I already applied the explicit block to my general access policy. Unfortunately it doesn't address my issue with why my network policies don't take effect.

    My problem is: any network policy I create does not work. The following example is a rule for blocking explicit content. The rule does not work; it's not blocking access to explicit content.

    Example: 

    Here's a simple rule example.  I'm using the Admin Doc for creating the rule. 

    Identity:  any users

    Source Info:  LAN (internal)

    Destination:  WAN

    Action: default settings

    Routing:  default settings

    Malware Scanning:  enabled Scan HTTP, Decrypt & Scan HTTPS

    Policy for User Applications (I doubt that I have this correct):

    Application Control:   Allow All

    Web Filter:   No Explicit Content

    Intrusion Prevention:  WAN to LAN

    Log Traffic:  Enabled

    One thing I think is that the rule does not show up as a network policy but a user policy.  Do I need to change it to a network policy rule?  If so, how can I change it to a network policy?

    Thanks,

    Marty

  • Hi Marty,

    If you are not authenticating users to access the internet, disable the "Match rule on user identity" option.

    Thanks