Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 4 replies
  • Subscribers 28 subscribers
  • Views 6222 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Tips on how best to block web access from Mac hosts

stego41

Running latest xg firmware is on Intel  core 2 duo with 4 gb ram.

Curious to know how best to block access from certain Mac hosts/list using an access time?

Running a basic setup, would simply like to block kids iOS devices during the week and enable Chromebook web access for homework time.

Currently using firewall policies at top of list ... But didn't see where I could use access times?? Eg deny during homework time ...custom access time

Still trying to learn the ropes with xg firewall after spending a little over a year with UTM 9

Thanks



This thread was automatically locked due to age.
Parents
  • +1

    Hi,

    Configure a FW-rule, define MAC address in the Source Zone and the Scheduled time for the rule to be active. Place the rule on top.

    You can also configure the custom filter actions to allow and deny specific categories.

    I would like to mention that instead of completely relying upon XG to take care of restrictions, you must step in and personally keep an eye.

    Thanks

Reply
  • +1

    Hi,

    Configure a FW-rule, define MAC address in the Source Zone and the Scheduled time for the rule to be active. Place the rule on top.

    You can also configure the custom filter actions to allow and deny specific categories.

    I would like to mention that instead of completely relying upon XG to take care of restrictions, you must step in and personally keep an eye.

    Thanks

Children
  • 0 in reply to sachingurung

    Hi,

    Thanks! This is essentially what I am doing but seemed a little clunky to me.

    For instance, I want the Chromebooks to have full access during homework time but not any other time.

    So I created a top rule as you describe above for the Chromebook Mac hosts during scheduled time for homework.

    I noticed though that outside of homework time the Chromebooks still had full access, since the next rule in line was full access for any source network. So I had to create another time just below to block all access for all the time for the Chromebooks.

    Was trying to figure out where you can use the preset "access times"... Eg deny during weekdays, allow during weekdays etc.

    Seems only the defined "schedules" are available in the drop downs when selecting time slots.  Maybe I'm missing something.

    And I agree I don't want to fully rely on xg to restrict, but with a 14 and 12 year old it's increasingly difficult, especially when their schools now fully rely on the Google infrastructure for their schooling. (classroom, Google drive, Google docs, hangouts etc..)

    Which is why I was opening up the Chromebooks a but more so they could so their homework...but as we all we know, they're not doing homework all the time or sometimes

    Joys of parenting in a digital age.

  • 0 in reply to stego41

    Hi,

    Bravo, you did exactly what is required. An explicit deny rule is required below the scheduled FW-rule to deny the traffic after the schedule policy sets the rule off. This is required when there is a rule that is defined to allow the traffic through all the time. You can define custom schedule policies by navigating through the options

    Just click on the create-new option in the drop-ardown for schedules. You can create a custom schedule directly.

    Thanks