
What's the difference between Source Networks and Devices, and Destination Networks? How to make an exception or something like that, for an IP segment?

What's the difference between Source Networks and Devices, and Destination Networks?

I'm trying to make a special rule or setting for the IPs 192.168.1.1-100 (group A) and another for the range 192.168.1.101-254 (group B).

I suppose I have to add 1 firewall rule for each, right? Or how do I make an exception?

I just created a "host group" (system/host and services/ip host and ip host group) and I can see my group on both sides, "source" and "destination". Let's say I want to block Facebook for group B, but allow it for group A.

Thanks a lot!



This thread was automatically locked due to age.
  • Mike,

    XG uses zones, so if you want to block something from LAN to WAN (for example), make sure to create a proper rule from LAN to WAN. To create exceptions inside the Firewall rule, create a rule above it where you define which source objects (IP, Computers, Range, network) are allowed the same traffic that is being blocked by the next rule.

    Firewall uses first match rule, so when the first rule is matched, no other rules will be checked.

    To block Facebook, create an Application filter (copy from ALLOW all template) and block Facebook apps. Also create a Web Filtering rule where you block Social Networks.

    Apply both filters to LAN to WAN and enable decrypt and scan.

    You can also use users as source objects, so if a user moves around, it is always allowed/denied inside the rule where the user is matched (match known users checkbox).

    You have asked so many questions in one thread. Make sure to open one thread per each question next time.

    Regards
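
The first-match ordering described in the reply above, as an added example that is not part of the original thread and is not Sophos XG code or its rule format. The rule shape, the rule names and the default-drop behaviour for unmatched traffic are assumptions made for illustration; the address ranges are the ones from the question.

```python
# Added illustration: a toy first-match evaluator, not Sophos XG code.
from ipaddress import IPv4Address as IP

def rule(name, first, last, blocks_social):
    # Hypothetical rule shape: a LAN-to-WAN rule with a source IP range and a
    # flag saying whether its web/app filter blocks social networking.
    return {"name": name, "first": IP(first), "last": IP(last),
            "blocks_social": blocks_social}

def first_match(rules, src):
    """Return the first rule whose source range contains src, or None."""
    addr = IP(src)
    for r in rules:
        if r["first"] <= addr <= r["last"]:
            return r  # evaluation stops here; later rules are never checked
    return None

def facebook_allowed(rules, src):
    r = first_match(rules, src)
    # Assumption: traffic that matches no rule is dropped.
    return r is not None and not r["blocks_social"]

def shadowed(rules):
    """Names of rules that can never match because a single earlier rule
    already covers their whole source range."""
    dead = []
    for i, r in enumerate(rules):
        if any(e["first"] <= r["first"] and r["last"] <= e["last"]
               for e in rules[:i]):
            dead.append(r["name"])
    return dead

# Group A is 192.168.1.1-100; the general rule covers the whole LAN range,
# so group B (192.168.1.101-254) only ever matches the general rule.
GROUP_A = rule("allow-group-A", "192.168.1.1", "192.168.1.100", False)
LAN_BLOCK = rule("block-social-LAN", "192.168.1.1", "192.168.1.254", True)

GOOD_ORDER = [GROUP_A, LAN_BLOCK]  # exception above the general rule
BAD_ORDER = [LAN_BLOCK, GROUP_A]   # exception below it: never reached

if __name__ == "__main__":
    for label, rules in (("good", GOOD_ORDER), ("bad", BAD_ORDER)):
        verdicts = {ip: facebook_allowed(rules, ip)
                    for ip in ("192.168.1.50", "192.168.1.150")}
        print(label, verdicts, "shadowed:", shadowed(rules))
```

Running a shadow check like this over an exported rule list is a quick way to spot exception rules that were placed below the rule they were meant to override.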
