Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 9 replies
  • Subscribers 1 subscriber
  • Views 2519 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Web Filter Profiles with one subnet

lenny_01
Hi guys,

I have only one subnet but want to create to groups for internet access. One group with almost free access and on restricted group. Is there any possibility to perfom that with one subnet?

Thanks in advance,
lenny


This thread was automatically locked due to age.
  • 0
    Depends on your network.
    Is this a home setup or at business?
    Do you have an Active Directory?
    If yes, you can use AD SSO. There you can restrict internet access based on AD users or groups.
    If not, have a look at the Astaro/Sophos Authentication Agent.

    ----------
    Sophos user, admin and reseller.
    Private Setup:

    • XG: HPE DL20 Gen9 (Core i3-7300, 8GB RAM, 120GB SSD) | XG 18.0 (Home License) with: Web Protection, Site-to-Site-VPN (IPSec, RED-Tunnel), Remote Access (SSL, HTML5)
    • UTM: 2 vCPUs, 2GB RAM, 50GB vHDD, 2 vNICs on vServer (KVM) | UTM 9.7 (Home License) with: Email Protection, Webserver Protection, RED-Tunnel (server)
  • 0 in reply to scorpionking
    Yes, I do have AD SSO, its already configured and working. I've made an exeption list where I defined the group, and the skipping of URL filter.

    This is my full access group [:)]

    I guess there are mor elegant ways to do this?!?
  • 0 in reply to lenny_01
    Yes, the more elegant way is called "Web Filtering Profiles"... [:)]

    ----------
    Sophos user, admin and reseller.
    Private Setup:

    • XG: HPE DL20 Gen9 (Core i3-7300, 8GB RAM, 120GB SSD) | XG 18.0 (Home License) with: Web Protection, Site-to-Site-VPN (IPSec, RED-Tunnel), Remote Access (SSL, HTML5)
    • UTM: 2 vCPUs, 2GB RAM, 50GB vHDD, 2 vNICs on vServer (KVM) | UTM 9.7 (Home License) with: Email Protection, Webserver Protection, RED-Tunnel (server)
  • 0 in reply to scorpionking
    But as far as I know this won't work with only one subnet...
  • 0
    You would set this up (one subnet), with a single proxy profile.  You would then differentiate different authenticated users/groups in Filter Assignments, each of which can be linked to a different Filter Action.
    __________________
    ACE v8/SCA v9.3

    ...still have a v5 install disk in a box somewhere.

    http://xkcd.com
    http://www.tedgoff.com/mb
    http://www.projectcartoon.com/cartoon/1
  • 0
    Here's a straightforward configuration that I have working at many clients:



    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    Thank you all for your awnsers.

    @Bob
    Would you please send a screenshot of the filter assignmet settings? 

    Do I have to set a new Filter Action as well ?

    thanks,
    lenny
  • 0
    This works only with a machine? Say I want to create a separate profile for only one computer.

    I tried to do here, but it is not working, the computer is still picking up the default filter.

    Thanks !
  • 0
    Yes, you create a separate Profile for that one machine, using its IP in 'Allowed networks' instead of "Internal (Network)".  Place the new Profile above the existing one.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Cookie Information Banner