Page 1 of 2 12 LastLast
Results 1 to 10 of 11
  1. #1
    Newbie
    Join Date
    Nov 2017
    Posts
    12

    Default Can I display a "policy statement page" if a blocking policy is triggered?

    Is there a way to display a specific policy statement when a block policy rule has been invoked?

    I have created a Non Work Hours rack and am sending all DHCP clients to this rack through a policy and policy rule added in the Default rack. In the Non Work hour rack I am using a Firewall Rule blocking access to all WAN interfaces so there is no internet available after work hours. The policy and the rule is working as intended.

    The issue is that when an internet browser is opened, the page just never loads. For example in Chrome the little spinning arrow spins backwards (indicating it is looking for a DNS entry) but it just sits there spinning and the page remains blank. What I would like to do is if the policy is triggered then I would rather display a policy statement page that would tell the user "Internet is not allowed after work hours". That way it is clear to the user what the issue is.

    Without that ability or some way to inform the user Untangle Policy will not allow what they are trying to do the users will most likely think something is wrong and it will spawn a support call and even worse ... it will be an after hours support call. I would really like a way of communicating the reason to them and prevent those calls.

    I am using UT firmware on a Linksys 1900ACS router with the latest UT Version installed. I have a 128GB Sandisk Ultra Fit Bit usb so plenty of room to store some local HTML pages to display some specific policy if it could be stored there and accessed or redirected to when the policy is triggered. Can that be done?

    I appreciate all insights, experience, and / or creative thinking that would provide me a way to achieve this or something that would work in place of this to allow the user to know that UT is the cause of them not being able to use internet.

  2. #2
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    6,210

    Default

    Just use Captive Portal with a custom captive portal page with no proceed button.

    https://wiki.untangle.com/index.php/...l#Custom_Pages

    BTW, the external drive on the Linksys will not have any benefit over USB stick as it is only used to load Untangle into memory. It's a limitation of the Linksys hardware.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    16,668

    Default

    The hard drive will last longer though - many USB sticks are total crap.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  4. #4
    Newbie
    Join Date
    Nov 2017
    Posts
    12

    Default

    OK, I did as advised and added CP to the NWH Rack. I would like to seek some confirmation because I had to disable the firewall in that rack to get the custom_login to work. I did some testing and think I am OK but assumptions always come back and bite me somehow so I am seeking some confirmation on the assumptions I am drawing.

    1. Since I turned off FW on this rack and it was actually what I was counting on to prevent any connections to external nic or wan devices ... will CP alone insure that anyone routed to that NWH Rack cannot access the internet. I am relying on the CP page not providing any mechanism to allow login and only displaying a no internet after work hours policy. I tested it as much as I could using different computers and users and it seems to not allow it but is it safe to rely on this only?

    2. I am assuming since the default policy has a schedule policy for DHCP assigned addresses that if a user is logged in before the schedule policy triggers (triggered by time and day) that they will lose access when it does trigger. Is that a safe assumption?

    3. If I turn on FW in the NWH rack the the CP page never displays. So I am assuming FW rules kick in before CP is ever encountered. Is that a correct assumption.

    I appreciate the insights of those who are more experienced. I don't like assumptions and before I added CP there was no doubt the FW block all wan and external nics was absolutely preventing anything routed to the NWH rack from any sort of internet. Will CP alone with the custom_login page insure the same "absolutely no internet" to anyone routed to that rack?

  5. #5
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    6,210

    Default

    Reports will show if traffic is going across the policy. For real-time, just watch the session viewer.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  6. #6
    Newbie
    Join Date
    Nov 2017
    Posts
    12

    Default

    Ok, one more question on Racks and CP Custom Page ... I have created a rack for Cell Phones with a Custom_login.zip file with custom html written pertaining to cell phones. I have a rack for Non Working Hours with a Custom_NWH.zip file with custom html written pertaining to cell phones.

    Does UT only allow one custom page for all additional racks? It seems to display the Custom_login.zip file disregarding the custom zip file I uploaded for the other racks. It shows the NWH html no matter if it is the Cell Phone rack or the Non Working Hours rack.

    I would assume each rack could have it's own CP custom page since each one allows a file upload. Is that a wrong assumption?

  7. #7
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    6,210

    Default

    I could see it functioning as you expected. I will look into it. There might be a bug there.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  8. #8
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    6,210

    Default

    Thanks for reporting this issue. I found the cause. https://jira.untangle.com/browse/NGFW-11317

    Edit: This is fixed in the new release 13.1.1

    https://forums.untangle.com/announce...available.html
    Last edited by jcoffin; 12-08-2017 at 07:46 PM.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  9. #9
    Newbie
    Join Date
    Nov 2017
    Posts
    12

    Default

    Thanks for the information on the fix. I will get it uploaded and see if it resolves my issues with CP custom page for each Rack.

  10. #10
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    6,210

    Default

    If you add your UID to the priority queue, 13.1.1 upgrade will become available to your box.

    https://forums.untangle.com/off-topi...e-request.html
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2