Results 1 to 9 of 9
  1. #1
    Untanglit
    Join Date
    Oct 2017
    Posts
    15

    Default Default block but whitelist certain apps and URLs?

    Is it possible to accomplish this? It seems like it needs a mix of Web Filter and Application Control, but I can't immediately figure out how to make them talk to each other. Is there some way to do this in Application Control only, using Rules?

  2. #2
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    16,678

    Default

    Yes, just add an application rule to block everything and then above it rules to allow what you want.

    Beware, you're probably in for a lot more learning and work than you anticipate.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email [email protected]

  3. #3
    Untanglit
    Join Date
    Oct 2017
    Posts
    15

    Default

    Why do you say that? I have a relatively small list of apps and URLs we need to access during restricted hours, is there some other component of this of which I am not aware?

  4. #4
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    16,678

    Default

    I think you'll learn its probably more complicated than that, and you'll also learn that time only flows forward even in networking, you can't change the past and you can't know things from the future.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email [email protected]

  5. #5
    Untangler
    Join Date
    Dec 2015
    Posts
    38

    Default

    Quote Originally Posted by dmorris View Post
    I think you'll learn its probably more complicated than that, and you'll also learn that time only flows forward even in networking, you can't change the past and you can't know things from the future.
    You forgot to end with the "Grasshopper" on that post. ;-)

  6. #6
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    16,678

    Default

    Hah, nah its not meant to sound condescending.
    He may not learn that stuff at all; it may do exactly what he wants. Or he may learn that he has some false assumptions, like that the application is known immediately or even quickly before any actual data has been sent/received.

    Thats been my normal experience in the past, but I've found its easier for someone to just try it and see for themselves than to explain the issues they'll encounter.

    Similar to the whole "I want to block all websites except X" discussion...
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email [email protected]

  7. #7
    Untanglit
    Join Date
    Oct 2017
    Posts
    15

    Default

    To clarify... are you saying that if Rack A allows an Application X, and Client 1 establishes a session of that application, and then Client 1 is switched by Policy Manager to Rack B based on time rules which blocks Application X, that Client 1's session of Application X will continue to be allowed? I.e. are you saying that once a session has been passed then it won't be re-evaluated even if the client is shifted to another rack with possibly different rules?

    Or are you just saying YMMV and I may hit some unexpected behavior?

  8. #8
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    16,678

    Default

    No I'm saying:

    1) Blocking all but certain applications will require some maintanence. You won't realize how many applications you use until you block all.
    2) The process of identifying any communication relies on allowing the communication to happen so it can be identified. This happens over time. This is true for a conversation between alice and bob, as well as network traffic. If a session is identified as "AMAZON" App Control will not travel back in time and block the session request. Likewise when a session is create Untangle can not look into the future and see the traffic that will happen and identify the application as "AMAZON" based on that future knowledge.

    Anyway, just try it and make adjustments as necessary.
    Last edited by dmorris; 10-07-2017 at 08:03 PM.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email [email protected]

  9. #9
    Untanglit
    Join Date
    Oct 2017
    Posts
    15

    Default

    Thank you, I sincerely appreciate the help!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2