
Struggling with game blocking

Greetings

 

I'm trying to block access to game sites (e.g. steam, origin games, battle-net and so on) during certain hours for a specific user. I have set up as follows:

Schedule

Web Policy

Firewall rule (at top)

 

 

But this doesn't seem to accomplish anything. Nothing is being blocked. The firewall log shows no traffic for this rule. When looking at live connections I see nothing obviously identified as known game sites, just a lot of traffic to the amazonaws.com domain. If that is games traffic, how do I trap it?

What is actually in the predefined categories "games and gambling" and are they up to date?



This thread was automatically locked due to age.
  • Hi.

    That rule will not stop anything. You will need to at least implement HTTP scanning. I am trying to understand what you have in the GAMES cat setting. I find that games and gambling works well for most sites, classification being correct of course.

    Also change your destination zone to be any, otherwise the rule only applies to your WAN IP address range.

    More edits, please tick the NAT box.

    Ian

  • rfcat_vk said:

    that rule will not stop anything. You will need to at least implement http scanning.

    Hey rfcat_vk, I'm new to Sophos XG and still learning so I apologize if this is a stupid question, but are you saying 'Scan HTTP' must be enabled for your 'Web Policy' to work? I was under the impression they were separate and I just ran a quick test which seems to confirm that. For example, if I uncheck 'Scan HTTP' and have my desired 'Web Policy' selected, it still blocks websites for the web policy I have in effect. Basically, turning 'Scan HTTP' off doesn't seem to affect my web policy.

    I also tried adding 'Games and Gambling' to my web policy and I was still able to access Steam websites as well as Gambling websites...

    rfcat_vk said:

    Also change your destination zone to be any otherwise the rule only applies to your WAN IP address range.

    This also doesn't make sense to me because if the 'Destination Networks' is set to 'Any', then I thought the rule would apply to any IP or subnet address as the destination. This is basically how I have my firewall rules set up ('Destination Zone' set to 'WAN' and 'Destination Networks' set to 'Any') and I am able to access the internet without any issues. I thought the 'Destination Zone' simply controls which interface the traffic is coming from (source) and going to (destination).
