Results 1 to 10 of 10
  1. #1
    Newbie
    Join Date
    Aug 2017
    Posts
    8

    Default Using Application Control with Policy Manager across different groups - New User

    Hi,

    I am at the start of my Untangle journey and just getting to grips with things.

    Iíve blocked a lot of applications that I donít want people getting access to in default policy including Dropbox, Facebook, Twitter, YouTube, box. Now this works fine until I want to allow marketing access to Facebook and Twitter and then allow Management access to Dropbox.

    I thought I would be able to just block everything I didnít want with Application Control in the default policy and then setup a new policy for Marketing as a child of the default policy and simply allow Facebook and twitter through Application control in there.

    But that doesnít work, they get access to Facebook and Twitter but they also get everything else that I blocked in the default policy, so it appears that I will need to replicate every blocked item from the default policy applications control into the marketingís policy application control and then allow the bits that I want them to get access to.

    This seems like a lot of duplication of work or have I missed something?

    Thanks

  2. #2
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    21,725

    Default

    Yes, there is duplication.

    So, you configure a default rack with a policy set, then you make a child. The child simply uses the rack applications of the parent, if you install a given app, say web filter, now that child has an entirely separate rack application that needs configured. That new instance doesn't import anything from the parent, it's new.

    Now this probably seems rather inconvenient, but think about it for a moment. How is Untangle to know what settings you do and don't want?

    The time saved with child racks means all rack applications you do not install in the child get settings from the parent. And you can only have one policy active for each network session. So if you make rack that blocks Facebook, and a rack that passes Facebook, then your policy rules choose facebook on or off. I've never tried to pass a piece of Facebook, and given the way that service works I'd be surprised if that was even possible.
    f1assistance likes this.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  3. #3
    Untangler
    Join Date
    Apr 2017
    Posts
    88

    Default

    >Now this probably seems rather inconvenient, but think about it for a moment. How is Untangle to know what settings you do and don't want?

    I would have it copy everything, then you could customize the child from that point on. Having it do that would have saved me a ton of time. It takes much longer to duplicate everything in the child that is in the parent that I want to keep than it would to have the child start with a copy of the parent and then just tweak the child.

  4. #4
    Master Untangler
    Join Date
    Feb 2016
    Posts
    228

    Default

    Don't the import/export features help here? Or am I thinking of something else?
    Fred59 likes this.

  5. #5
    Untangler
    Join Date
    Apr 2017
    Posts
    88

    Default

    Quote Originally Posted by Sam Graf View Post
    Don't the import/export features help here? Or am I thinking of something else?
    It depends on the app. For example, the Application Control does have import/export, whereas the Web Filter does not.

  6. #6
    Master Untangler
    Join Date
    Feb 2016
    Posts
    228

    Default

    So for the OP, though, it would be possible to simplify the process. No need to manually "replicate every blocked item."

    I do wish the import/export feature was everywhere. That would make rack/policy management pretty painless. Maybe it would be fine if child apps replicated their parent. I'd have to think about that, but no red flags are popping out at me at the moment.

  7. #7
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    21,725

    Default

    Replicating the initial configuration seems simple enough, but replicating settings after that would be a technically difficult if not impossible task.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  8. #8
    Newbie
    Join Date
    Aug 2017
    Posts
    8

    Default

    Thanks for the input everybody.

    I successfully tried the export/import method and that worked, to export the default application policy and then import it in to the new child policy application control.

    So yes it does save me a bit of time and work but I do realise that any changes that I want to make in terms of blocking additional applications will have to be made to each separate policy.

  9. #9
    Master Untangler
    Join Date
    Feb 2016
    Posts
    228

    Default

    It's true that there is no completely painless way to enjoy the power of the rack system.

  10. #10
    Untangler
    Join Date
    Apr 2017
    Posts
    88

    Default

    Quote Originally Posted by sky-knight View Post
    Replicating the initial configuration seems simple enough, but replicating settings after that would be a technically difficult if not impossible task.
    Agreed. I did not make my suggestion clear. What I propose is to do the replication once when the child was created and then from that point forward, there is no linkage between the two.
    RobG303 likes this.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2