Block internet access for AD groups authenticated users in XG firewall

Hello,

I want to block internet access for any user profile in the XG device (I don't want to block by IP since I still want to give internet access to other users on the same station).

The two logical ways are either to create a new rule to reject WAN access with the user profile as source, or in the client list where I can deny all internet traffic.

None of these solutions blocks internet access.

All users are imported from AD and the STAS collector is installed on the DC.

Any hint what could be the solution to apply?

Thanks



  • Hi,

    You have two options:

    1. Create a Group for users who do not need internet access, with Application and Web Policy set to Deny All on the Group policy.

    2. Create a Rule, select the users/group, and set the action of the rule to 'Deny'.

    Kindly note, you may need to check that the traffic is not going through any other rule, and position the rule on top to be sure.

  • Hello Aditya,

    I tried both ways, 1 and 2, but they do not seem to be applied, since the user can still surf to the intranet.

  • Fred atallas said:

    Hello Aditya,

    I tried both ways, 1 and 2, but they do not seem to be applied, since the user can still surf to the intranet.

    Fred,

    You cannot restrict access to the intranet unless the XG is used to manage all intra-VLAN networks or is deployed in bridge mode.

    To deny access to the intranet, you need to play with your web server authentication mechanisms.

    Regards
