Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 2 replies
  • Answers 1 answer
  • Subscribers 5 subscribers
  • Views 4038 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

UTM 9.5 AD sync to grant access to internet

Asankag

Hi Team,

I have installed a Sophos UTM 9.5 and it running perfectly. I have enabled web filtering and created firewall rules as well. Now our company wants to block internet for all the users except for one group on the AD. I would highly appreciate someone could direct me how to do it.

ps: We planning to use the UTM as the proxy server.

 

Regards 



This thread was automatically locked due to age.
  • 0

    You can create a firewall rule and specify the specific web filter you would like applied to the group that will have internet access. 

    On that firewall rule, make sure that you enable the checkbox for 'Match known users' under Identity section and specify the AD group.

    BELOW this rule, will be your default LAN -> WAN rule that will apply to everyone and under Web Policy, select 'Deny all'

    Let me know how that works for you.

    Thanks,

    Karlos

    Karlos
    Community Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.
  • 0

    Deepest apologies, for some reason I had responded with instructions for our XG firewall.

    To answer you question simply, on the UTM, you can achieve this by setting your base policy (Web Protection > Web Filtering > Policies >  Base Policy - Filter Action) to block everything and you would create an additional policy (+ button), selecting the relevant AD group, and creating the relevant feature action for them.

    This is under the assumption that your AD group is in the same network as the rest of the users you specified on your Global tab.

    Thanks,

    Karlos 

    Karlos
    Community Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?

Unfiltered HTML