firewall policy between windows and linux
Yes, download restriction policies configured in Sophos Firewall will also affect Linux-based
machines (like Ubuntu), as long as those machines are connected to the same network and
their traffic passes through the firewall.
Sophos XG Firewall applies policies at the network level, not based on the operating system.
Blocking files based on file types (e.g., .exe, .zip, .iso, .tar.gz)
🔁 Then these restrictions apply to any device behind the firewall — including Linux, macOS,
Android, and iOS — not just Windows.
💡 Example:
✅ Ubuntu user cannot download .zip or .tar.gz from any browser (e.g., Firefox, Chrome).
✅ Even wget or curl on Linux may be blocked if the firewall inspects HTTP/S traffic.
🛑 Limitations
If SSL inspection is not enabled, Sophos may not be able to detect file types over HTTPS, and
downloads might slip through—on any OS.
✅ Summary
Yes — a Sophos Firewall download restriction policy applies to Linux machines just like it does
to Windows machines, if their traffic goes through the firewall and the policy is properly set.
Want help checking if your Ubuntu machine is affected or bypassing the firewall? I can help with
network diagnostics or testing commands.
Yes, you can set printer restriction policies in Sophos Firewall, but with some limitations—
because a firewall controls network traffic, not printer functions directly.
Example:
2. Control by Port/Protocol
You can block traffic on these ports to stop unauthorized devices from printing.
Sophos can detect some printing protocols via Application Control and block them.
Use firewall rules to allow only specific devices or users to access that zone.
To restrict a list of users from accessing the internet through a Sophos Firewall (e.g., XG/XGS
series), you can do this using User-based firewall rules or policies. Here’s a complete
step-by-step guide depending on how users are authenticated in your network.
Captive Portal
You can create firewall rules or web policies based on users or groups.
🔧 Steps:
Go to:
Authentication > Services
Go to:
Rules and Policies > Firewall Rules
Set:
Action: Deny
💡 Move this rule above any allow rules — firewall rules are evaluated top-down.
If users are not logging in, and no AD or Captive Portal is used, then:
Static IPs
1. Assign static IPs to the users you want to restrict (or reserve DHCP leases).
o Destination: WAN
o Action: Deny
If you want to allow LAN access but block web browsing only:
2. Create a new policy that blocks all web categories or critical ones (e.g., "All Internet")
3. Apply that web policy to a firewall rule for the blocked users or group.
✅ Summary Table
MAC-based rule | DHCP or static MAC list (less secure) | Block via MAC in device list
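The rule-ordering note above (firewall rules are evaluated top-down, so the Deny rule must sit above any allow rules) can be checked with a small model. This is an added example, not Sophos code or part of the original answer: the `Rule` structure, the rule and group names, and the final default deny are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    users: frozenset   # user/group names; empty set means "any user"
    dest_zone: str     # destination zone such as "WAN", or "ANY"
    action: str        # "allow" or "deny"

def matches(rule, user_groups, dest_zone):
    user_ok = not rule.users or bool(rule.users & user_groups)
    return user_ok and rule.dest_zone in ("ANY", dest_zone)

def evaluate(rules, user_groups, dest_zone):
    """Top-down, first match wins. The final default deny is an assumption of this model."""
    for rule in rules:
        if matches(rule, user_groups, dest_zone):
            return rule.action, rule.name
    return "deny", "default"

def covers(earlier, later):
    """True when every connection matching `later` also matches `earlier`."""
    users = not earlier.users or (bool(later.users) and later.users <= earlier.users)
    return users and earlier.dest_zone in ("ANY", later.dest_zone)

def shadowed_denies(rules):
    """Deny rules that can never fire because an allow rule above covers them completely.
    Conservative: partial overlaps (e.g. via group membership) are not reported."""
    found = []
    for i, rule in enumerate(rules):
        if rule.action != "deny":
            continue
        for earlier in rules[:i]:
            if earlier.action == "allow" and covers(earlier, rule):
                found.append((rule.name, earlier.name))
                break
    return found

# Constructed sample rule sets (rule and group names are made up).
ALLOW = Rule("Allow_LAN_to_WAN", frozenset(), "WAN", "allow")
DENY = Rule("Block_Restricted_Users", frozenset({"Restricted_Users"}), "WAN", "deny")
RULES_AS_FOUND = [ALLOW, DENY]   # deny placed below the general allow
RULES_FIXED = [DENY, ALLOW]      # deny moved above it

if __name__ == "__main__":
    for label, rules in (("as found", RULES_AS_FOUND), ("fixed", RULES_FIXED)):
        print(label, evaluate(rules, {"Restricted_Users"}, "WAN"), shadowed_denies(rules))
```

With the deny rule below the general allow, the restricted group still reaches WAN and the deny is reported as shadowed; moving it to the top blocks that group while other users keep access.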
In an Active Directory (AD) environment with a Sophos XG/XGS Firewall, you can restrict
internet access and apply bandwidth limits per user or group using user-based firewall rules,
traffic shaping, and authentication integration.
✔️ Requirements:
o Captive Portal
🔧 Step-by-Step Configuration
Go to:
Authentication > Servers > Add
Enter:
o Domain controller IP
o Admin credentials
2. Configure it to monitor logon events and send user info to the firewall.
3. In the firewall, go to Authentication > STAS and add the STAS collector.
Go to:
Authentication > Groups
Go to:
System Services > Traffic Shaping > Add
Set limits:
Name: Limit_Internet_Users
Bandwidth Limits:
Go to:
Rules and Policies > Firewall Rules > Add Firewall Rule > User/Network Rule
Settings:
To block internet:
🔍 Testing
Feature Purpose