Results 1 to 5 of 5
  1. #1
    Master Untangler
    Join Date
    Jun 2015
    Location
    NW Arkansas
    Posts
    234

    Default Kids Policy not blocking all internet at time of day

    Am experimenting with Policy Manager and simply want to turn of all kids' internet access at night.

    1.) I've already added a username to each of their device KID1 and KID2 in DEVICES
    2.) confirmed under SESSIONS the expected devices reflect these usernames
    3.) Have gone into Policy Manager and created 2 new policies:
    - Kids Policy with Default Policy as its parent
    - No Internet Policy; Parent = None
    4.) Under RULES in Policy Manager, I've created a policy that directs any traffic from usernames KID1 and KID2 to Target Policy = Kids Policy
    5.) In SESSIONS, once again I can confirm that the intended devices' traffic from KID1 and KID2 are reflected under the Kids Policy

    So far so good...
    6.) Under the No Internet policy, I've installed the FIREWALL app
    7.) Under the FIREWALL app in No Internet Policy, I've created a single rule of 'No Internet' with only FLAG and BLOCK checked. There are no conditions in this rule, and the Action = Blocked.
    8.) Back under the Kids Policy, I've created another new rule (attached image) where usernames are KID1 and KID2
    no_internet_policy.JPG
    9) At 21:30 or 09:30 PM local time, their internet traffic is not cut off. Even new traffic attempted after that time. For example, if I try to watch something on their Roku which has been tagged with their username and restart the Roku, it accesses the internet without any issue.

    Please advise what I am doing incorrectly. Thanks.

  2. #2
    Untangle Ninja
    WebFooL's Avatar
    Join Date
    Jan 2009
    Location
    Sweden (Eskilstuna)
    Posts
    5,243

    Default

    what is the order of you Policy Rules?
    First match is what will be used so if you have the rules in the wrong order it would explain your current problem.

  3. #3
    Master Untangler
    Join Date
    Jun 2015
    Location
    NW Arkansas
    Posts
    234

    Default

    Quote Originally Posted by WebFooL View Post
    what is the order of you Policy Rules?
    First match is what will be used so if you have the rules in the wrong order it would explain your current problem.
    I have my rules ordered as shown here. The first one tags the usernames to my kid policy. The next 2 send KID1 and KID2 usernames to NO INTERNET based on day/time.policy_rules_order.JPG

  4. #4
    Untangler sheck's Avatar
    Join Date
    May 2020
    Posts
    48

    Default

    Quote Originally Posted by miles267 View Post
    I have my rules ordered as shown here. The first one tags the usernames to my kid policy. The next 2 send KID1 and KID2 usernames to NO INTERNET based on day/time.policy_rules_order.JPG
    You need to move the rules based on time above the generic username rule. It is hitting that rule for their usernames first and never seeing the second rule.

    As WebFool said, our rules work top down, so the first one in the list that matches is the one that will get used.

  5. #5
    Master Untangler
    Join Date
    Jun 2015
    Location
    NW Arkansas
    Posts
    234

    Default

    Thanks sheck - that addressed my issue. As you already advised, it was in fact rule ordering. Once I had moved rows 2-3 (above) up to positions 1-2 in my rules, the functionality began working as expected (for all newly created traffic of course). In the event someone is watching a Roku stream of some sort, it will remain alive after the date/time cutoff until the user attempts to initiate a new video stream, etc.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2