Content Filtering blocking some clients to access the internet
We would like to use the content filtering.
For this we would like to work with group policies.
We are currently looking for a way to prohibit individual clients from accessing the Internet.
Unfortunately, the "block list" is not a solution, as internal access is also blocked here.
Therefore we have defined a group policy "block all" with a catch-all (*).
However, access to internal websites is also blocked here (e.g. via VPN).
We are looking for a solution to block internet access for individual clients, although access to internal web services should still be possible.
This is our current setup:
All clients are wired. We are using site-to-site VPN.
We have a layer 3 switch behind the MX. The clients are connected to the Layer 3 switch. The MX has a static route to the subnet on the switch.
1. Some clients are allowed to access the internet directly; this works with a firewall rule.
2. Some clients are allowed to access the internet via a proxy server (Squid proxy), which also does the content filtering.
3. All other clients are not able to access the internet.

Now we want to use the content filtering of the MX. The clients from points 1 and 2 should go directly to the internet; the MX does the content filtering with a default set. To implement this, the firewall rule from point 1 is changed so that the entire subnet is allowed to access the internet.
Now I need a solution for how to block the clients which are not allowed to access the internet.
Content Filtering is usually used when blocking categories or sites. If you use this to block all, it will block both internet and internal access. One possible solution is to create firewall rules on your MX to allow only specific IPs (like proxy, internal networks), with the last rule being block any source to any destination using any ports. In this way, users cannot access the internet directly.
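
The rule ordering suggested in the reply above, modelled as an added example that is not part of the original thread and is not Meraki code. It assumes top-down, first-match evaluation; all addresses and names (`INTERNAL_NETS`, `ALLOWED_CLIENTS`, `evaluate`, `shadowed`) are constructed for illustration.

```python
import ipaddress

# Constructed addressing plan (assumption, not from the thread).
INTERNAL_NETS = ["10.0.0.0/8"]                          # local + site-to-site VPN subnets
ALLOWED_CLIENTS = ["10.20.30.11/32", "10.20.30.12/32"]  # clients from points 1 and 2

# Ordered rules: (action, source, destination). The first match wins.
RULES = (
    [("allow", "any", net) for net in INTERNAL_NETS]     # internal web services stay reachable
    + [("allow", src, "any") for src in ALLOWED_CLIENTS] # permitted clients may go out
    + [("deny", "any", "any")]                           # final catch-all block
)

def _matches(cidr, addr):
    return cidr == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(cidr)

def evaluate(src, dst, rules=RULES):
    """Return (action, rule_index) of the first rule matching src -> dst."""
    for index, (action, rule_src, rule_dst) in enumerate(rules):
        if _matches(rule_src, src) and _matches(rule_dst, dst):
            return action, index
    return "allow", None  # hypothetical default when no rule matches

def _covers(outer, inner):
    if outer == "any":
        return True
    if inner == "any":
        return False
    return ipaddress.ip_network(inner).subnet_of(ipaddress.ip_network(outer))

def shadowed(rules):
    """Indexes of rules that can never match because an earlier rule covers them."""
    return [i for i, (_, src, dst) in enumerate(rules)
            if any(_covers(ps, src) and _covers(pd, dst) for _, ps, pd in rules[:i])]

if __name__ == "__main__":
    internet = "203.0.113.10"  # documentation address standing in for an internet host
    for src, dst in [("10.20.30.50", "10.1.2.3"), ("10.20.30.50", internet),
                     ("10.20.30.11", internet)]:
        print(src, "->", dst, evaluate(src, dst))
    # Placing the catch-all deny first shadows every rule after it.
    print("shadowed if deny is first:", shadowed([RULES[-1]] + RULES[:-1]))
```

A client that is not in the allowed list still matches the first rule for internal destinations and only reaches the final deny for internet destinations; `shadowed` catches the ordering mistake where the catch-all deny sits above the allow rules.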