Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 1 subscriber
  • Views 1964 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Multiple Internet Connections

FairyBurst
Hi,

I recently asked how to connect a DSL line to the Astaro, which I have now managed to do.

The next phase is slightly more difficult.  The DSL line provides standard web services along with another web service, it is this additional web service I ONLY want to use.

I somehow need to configure the new connection to only allow a specific AD group to use and only for this specific service, I ideally do not want them using it to browse the web.

I am now sure on how best to achieve this so any advise most welcome.

Regards,

FB


This thread was automatically locked due to age.
Parents
  • 0
    It seems like you could block ^https?//nww. for all other profiles.  For the new-service profile, select the 'Block content' mode and list that expression as the only thing to allow.

    Does that do what you need?

    Cheers - Bob
    PS To route the traffic after it leaves the Proxy, you'll need the IPs of the service; maybe a DNS group like "Secret Service Group" = secret.gov.  Then, create a NAT rule like 'External (Address) -> Web Surfing -> Secret Service Group : SNAT from {Secret Service interface} (Address)'
    PPS I think you'll also need a policy route for that same traffic selector.
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0
    It seems like you could block ^https?//nww. for all other profiles.  For the new-service profile, select the 'Block content' mode and list that expression as the only thing to allow.

    Does that do what you need?

    Cheers - Bob
    PS To route the traffic after it leaves the Proxy, you'll need the IPs of the service; maybe a DNS group like "Secret Service Group" = secret.gov.  Then, create a NAT rule like 'External (Address) -> Web Surfing -> Secret Service Group : SNAT from {Secret Service interface} (Address)'
    PPS I think you'll also need a policy route for that same traffic selector.
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data