Client time restriction

Hello everyone,

I would like to ask wether it is possible or not to set time limits to certain users/devices in the network.

I am using USG40 and need to set time limits for my kids but dont know where to start.

Could anyone help me with this?

Kind regards

Azad

All Replies

  • PeterUKPeterUK Member Posts: 590 ✭✭✭✭✭
    edited May 30, 2020 5:59AM

    Yes you can set time limits to given IP's to go out for internet.

    Best way to go about this is the USG40 is current set to allow all so you want to set block times like say 00:00 to 06:00 by going to Setting > object > schedule use recurring.

    When you login to the dashboard click DHCP table and click the reserve box for the given devices and make a note of the IP's. Go to settings > interface Ethernet tab and edit LAN1 and check Enable IP/MAC Binding

    Then go to settings > object address/Geo IP and add the IP's from the DHCP as host make a address group as block IP list and import the IP's

    Now your ready to go to settings > security policy > policy control and click add make the rule as from LAN1 to WAN source block IP list and select the schedule set action to block.


  • USG40USG40 Member Posts: 7
    Hello Peter,

    Wow man! This could i have never figure out. So many steps! Well i will give a try and come back and update.

    Thank you for Your help!
  • USG40USG40 Member Posts: 7
    Hello Peter,

    This seems to be working. Thanks a lot!

    I was also wondering about social networking apps lik whatsapp, facebook etc and if it is possible to block it not general but given "ip:s" or client only.

    Please do let me know. Thank You once again for a quick help!

    Azad
  • USG40USG40 Member Posts: 7
    Hello Peter,

    It seems to blocking all the time. I actually want to block timewize. Like some couple of hors a day. Like from 8PM to 6AP etc. How to change that?
  • USG40USG40 Member Posts: 7
    Hello again,

    I think i got it. I need to create a "Create Schedule Object"
  • PeterUKPeterUK Member Posts: 590 ✭✭✭✭✭
    yes you need to make a to Schedule Object and set a Schedule to the firewall rule.
  • PeterUKPeterUK Member Posts: 590 ✭✭✭✭✭
    edited May 30, 2020 9:16PM

    The control whatsapp, facebook etc you need to Activate IDP/AppPatrol Signature Service

    go to settings > object > application

    add name add for Social networks (search) and check Facebook (Access) and Facebook (Authentication) ok add for Instant messengers (search) and check WhatsApp (Authentication) and WhatsApp (Access) ok.

    Go to settings > App patrol

    add name add application you made action drop ok

    Go to settings > security policy > policy control and click add make the rule with action to allow (which seems odd but the UTM Profile application you made above is dropped) check under UTM Profile application patrol and select your rule and ok.


  • USG40USG40 Member Posts: 7
    Hello Robert,

    Thanks again.

    Yes I thought so, but as per now I do not have any subscription for the IDP. I was wondering if it could anyway go around like puting in lins/ports etc for the specific traffic or just simply use dns or cisco umbrela.
  • USG40USG40 Member Posts: 7
    when scheduling times it works but the scheduled policy does not seen after creating it. Where can it been seen if i want to edit and reschedule it instead of creating new every time?
  • JeremylinJeremylin Member Posts: 110  Ally Member
    You have to activate IDP/AppPatrol signature service first, so the function can be operated.
    To modify the existing schedule, Go to object> schedule>select the profile then edit it
Sign In to comment.