Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 1 subscriber
  • Views 4456 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to block Host from http Proxy access by using firewall rule

kklingbeil
Sophos utm 120

I have HTTP Access through the http proxy in standard Mode, http direct isn't enabled by firewall rules. so far so good.

What i am attempting is to block a single (internal) host from accessing the internet between 7:00am and 3pm

I have a firewall rule  on top of the list which says :

source: 10.1.10.220 (host on internal network)
service: http-proxy
destination: any
time:7am to 3pm
block 

which IMHO should block internet access through the proxy at the given time.

However, this does not work.

As far as I can see, traffic through proxy seems not to be affected by any firewall rule.

I don't believe this, so what is wrong


This thread was automatically locked due to age.
Parents
  • 0
    Proxies come before firewall rules, so if you allow the internal network to access internet via Web Security, no Firewall rule restricting it will work.
    You will have to create a Proxy Profile for the given host restricting the internet access times.

    ----------
    Sophos user, admin and reseller.
    Private Setup:

    • XG: HPE DL20 Gen9 (Core i3-7300, 8GB RAM, 120GB SSD) | XG 18.0 (Home License) with: Web Protection, Site-to-Site-VPN (IPSec, RED-Tunnel), Remote Access (SSL, HTML5)
    • UTM: 2 vCPUs, 2GB RAM, 50GB vHDD, 2 vNICs on vServer (KVM) | UTM 9.7 (Home License) with: Email Protection, Webserver Protection, RED-Tunnel (server)
Reply
  • 0
    Proxies come before firewall rules, so if you allow the internal network to access internet via Web Security, no Firewall rule restricting it will work.
    You will have to create a Proxy Profile for the given host restricting the internet access times.

    ----------
    Sophos user, admin and reseller.
    Private Setup:

    • XG: HPE DL20 Gen9 (Core i3-7300, 8GB RAM, 120GB SSD) | XG 18.0 (Home License) with: Web Protection, Site-to-Site-VPN (IPSec, RED-Tunnel), Remote Access (SSL, HTML5)
    • UTM: 2 vCPUs, 2GB RAM, 50GB vHDD, 2 vNICs on vServer (KVM) | UTM 9.7 (Home License) with: Email Protection, Webserver Protection, RED-Tunnel (server)
Children
  • 0 in reply to scorpionking
    Proxies come before firewall rules, so if you allow the internal network to access internet via Web Security, no Firewall rule restricting it will work.
    You will have to create a Proxy Profile for the given host restricting the internet access times.


    Thank you very much for your fast response....

    And, please may I ask how to do so ?
    As far as I can see, proxy profiles only contain filter rules, but no time restrictions ??
  • 0 in reply to kklingbeil
    Create a new filter action with mode "Block by Default".
    Then create a filter assignment with your time definition and the above created filter action. Leave the users/grous empty.

    Now you will have to create 2 Proxy Profiles in this order:
    • Profile for the specific host to block, assign the above created filter assignment
    • Your default Profile for all your Hosts using the Default filter assignment


    It migh also be helpful to have a look at the built-in online help.

    ----------
    Sophos user, admin and reseller.
    Private Setup:

    • XG: HPE DL20 Gen9 (Core i3-7300, 8GB RAM, 120GB SSD) | XG 18.0 (Home License) with: Web Protection, Site-to-Site-VPN (IPSec, RED-Tunnel), Remote Access (SSL, HTML5)
    • UTM: 2 vCPUs, 2GB RAM, 50GB vHDD, 2 vNICs on vServer (KVM) | UTM 9.7 (Home License) with: Email Protection, Webserver Protection, RED-Tunnel (server)
  • 0 in reply to scorpionking
    [QUOTE=scorpionking;239703]Create a new filter action with mode "Block by Default".
    Then create a filter assignment with your time definition and the above created filter action. Leave the users/grous empty.

    Now you will have to create 2 Proxy Profiles in this order:
    • Profile for the specific host to block, assign the above created filter assignment
    • Your default Profile for all your Hosts using the Default filter assignment


    Thank you very much.
    It works now like a charm.
Cookie Information Banner