Sophos UTM 330

Hi Brian and welcome to the UTM Community!

You can create firewall rules with "username (User Network)" objects, but you also must use Sophos Transparent Authentication Suite (STAS) or the Sophos Authentication Agent for the IP to be populated in the UTM.  A user connected via a Remote Access method will have his "(User Network)" object populated automatically.

Is that what you were looking for?

Cheers - Bob

Hi BoB Thanks for the info

I am currently using webproxy/nat and working on using the Firewall rule against users/groups but this has so many challenges. 

I am currently able to authenticate Webpoxy users but not with firewall rule

I would like to stop using proxy/nat and only used Firewall rule with webfilter. is that possible?

I'm confused about what you want, Brian.

"I would like to stop using proxy/nat and only used Firewall rule with webfilter."

Webfilter is a Proxy.  You might want to consult #2 in Rulz (last updated 2019-04-17).

Cheers - Bob

sorry Bob,

Can sophos block FACEBOOK if i am  using user/group with firewall rule?

Thanks

Bhquin

sorry Bob,

Can sophos block FACEBOOK if i am  using user/group with firewall rule?

Thanks

Bhquin

Yes you can, Brian.

First, you need to configure user identification as I described above.

Then, assuming that you're using Web Filtering now, make DNS Host definitions for the FQDNs you find with:

zgrep 'fbcdn\.net' /var/log/http/2020/*/*|grep -oP 'url=".*?"'|sort -n|uniq -c

And for:

zgrep 'url="https\://[A-Za-z0-9.-]*facebook\.com/' /var/log/http/2020/*/*|grep -oP 'url=".*?"'|sort -n|uniq -c

Because of [A-Za-z0-9.-]*, the second one will take awhile.

Now you can make a firewall rule like

{group of (User Network) objects} -> Web Surfing -> {group of Facebook DNS Hosts} : Drop

Cheers - Bob

Thanks Bob for your prompt support, i will test later

Hoi Brian,

You might be interested in a document I maintain that I make available to members of the UTM Community, "Configure HTTP Proxy for a Network of Guests."  If you would like me to send you this document, PM me your email address.  For our German-speaking members, I also maintain a version auf Deutsch initially translated by fellow member hallowach when he and I did a major revision in 2013.

Cheers - Bob

Hi bob

Thanks i will love to look review your

I also experience that Internet browsing using proxy is very slow compare to using the gateway. have you herd of this before?