Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 26 subscribers
  • Views 6015 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Scheduled Time and Web Policies - Feature Request

lferrara

The new Web section in v16 rocks, however you can configure access time on Web Policies and Firewall Rules. This is confusing. I think that if you configure the scheduled time inside the web policy, which has more sense, the scheduled time where you apply that web policy should be greyed-out.

Thanks



This thread was automatically locked due to age.
Parents
  • 0

    Hi Luk, I agree that XG16 offers granular configuration in certain areas that is a step in the right direction. Web and IPS are two areas where XG > UTM9 for sure.

    However I disagree with you about the time schedules. For me, firewall rule is like global configuration for a rule and then web > policy time schedules lets you further control time limits. So for example, you can have allow strict web rules from 9am to 5pm with firewall policy but can then engage a web policy like unproductive browsing between lunch hours of 12pm to 1pm in the same policy. You can do this right now with UTM9 but it is not as simple as it is in XG. You can also do this in XG by using a global firewall deny policy that is disabled during lunch hours but the way they have it right now lets you make some really customized rules within ONE firewall policy. Of course this can make configuration very complicated for new admins but once you understand how everything is related, web section of XG is very powerful. 

    I did some testing during beta with application control and was amazed at how easily you can block applications, apply QoS to an application, throttle each application separately with different speeds and different time schedules in ONE FIREWALL RULE. This is a REAL STEP FORWARD for XG and sophos should be applauded for their efforts.

    You know I am quick to point out any problems that I have with XG, but I think the web section in XG is really impressive and one of the best aspects of XG.

    Regards
    Bill

  • 0 in reply to Billybob

    Bill,

    What I expect from a product is clarity. If you can schedule time in 2 different places, it can become difficult in troubleshooting....

    Also when XG will have the ability to export the configuration you will have to look at firewall rule, web policy and match both.

    I agree with you about the web section. It is one of the best thing in XG and much simpler than UTM9.

Reply
  • 0 in reply to Billybob

    Bill,

    What I expect from a product is clarity. If you can schedule time in 2 different places, it can become difficult in troubleshooting....

    Also when XG will have the ability to export the configuration you will have to look at firewall rule, web policy and match both.

    I agree with you about the web section. It is one of the best thing in XG and much simpler than UTM9.

Children
  • 0 in reply to lferrara

    lferrara said:
    What I expect from a product is clarity. If you can schedule time in 2 different places, it can become difficult in troubleshooting....

    Hi Luk, I am not disagreeing with you about the complicated rules with multiple time slots defined at different places.

    What I am saying is that XG gives you the option to either:

    Make simple rules that allow traffic between certain times and deny traffic at other times using multiple firewall policies. So for one department that needs access to certain websites at certain times, you will have two to three firewall user policies just to manage time periods.

    OR

    You can make complicated rules that can control programs, apply qos to different programs at the same time, apply QoS to web traffic, and can use complicated time schedules for different applications and webfilter ALL IN ONE FIREWALL POLICY.

    To me this gives the admin choices. You can teach a new admin how to write simple rules or an experienced admin can write difficult complicated rules. I agree that troubleshooting would be hard if you have multiple dependencies in different places but it gives us more choices. For me, more choice is always a good thing.

    I am not disagreeing with you on any point, all I am saying is that XG gives you a choice to do more with web policies and you can make them as simple or as complicated as you like.

    Regards

    Bill