Whitelisting URLs gives access to other websites
Some clients are able to access websites other than what I whitelist.
I have a network made of an ER8411, an SG2218P, several SG2210Ps, and a bunch of EAP225s, all managed by an OC300 controller. It's a BYOD network, with around 300 clients at any given time. We're a blue ocean ship, and spend about half of our time on a metered connection while at sea, and about half of our time on a non-metered connection while in port.
While at sea, I'm trying to give the crew access to messaging like WhatsApp, text messaging, Messenger, etc., because the quality of life from being able to call home is huge while we're away from home port. However, I have several services that I need to have data for, so I can't just let the whole internet rip for them, as they'd eat through the data cap in a few days.
I've set up a whitelist of devices that works great. The people who need it for work have it while underway. This is done with a MAC whitelist set to block all traffic on the LAN and to the WAN that isn't whitelisted, and a DHCP reservation corresponding to their MAC. The DHCP reservations are given an IP in the upper half of the subnet. DHCP automatic IPs are restricted to the bottom half. It isn't pretty, nor will it stop anyone determined enough to get access to the internet, but it works until I can get a lot smarter on VLANs and how to run two separate networks on the same hardware. (I'm not a professional IT, I just do this in my spare time.)
My problem is that when I turn off the MAC filter, I think my URL and ACL rules should block all traffic from non-whitelisted devices besides to WhatsApp. But it's letting some, not all, people access other sites. Turning off the URL permit rule causes intermittent WhatsApp connectivity, because I don't have all the IPs on the ACL rule, and still allows some people to access other sites, though it's much more limited.
I added the WAN/LAN4 IN blocks after I had turned the MAC filter back on, so I'm not sure if that fixed it, and I'll be trying it tomorrow. But regardless, they still shouldn't have been able to get out in the first place. So what did I miss?
My ACL rules:
My URL filter:
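The post describes a design where the lower half of the LAN subnet (automatic DHCP leases) is only allowed to reach an allow-listed set of destination prefixes, while the upper half (reserved, whitelisted MACs) gets unrestricted WAN access, with everything else denied. The following Python is an added example, not the poster's configuration or anything exported from an Omada controller: it models that design as an ordered, first-match ACL so the behaviour can be checked before it is typed into the controller. The LAN prefix, the "messaging" destination prefixes (documentation ranges used as stand-ins; the real WhatsApp prefixes are not on the page) and the sample flows are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

ANY = ipaddress.ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Rule:
    action: str                     # "permit" or "deny"
    src: ipaddress.IPv4Network      # source prefix the rule applies to
    dst: ipaddress.IPv4Network      # destination prefix the rule applies to


def split_subnet(lan):
    """Return (lower_half, upper_half) of a LAN prefix.

    Mirrors the post's scheme: automatic DHCP leases live in the lower half,
    reserved/whitelisted devices in the upper half.
    """
    lower, upper = ipaddress.ip_network(lan).subnets(prefixlen_diff=1)
    return lower, upper


def build_rules(lan, allowed_dsts):
    """Build an ordered ACL for the 'messaging only for unreserved clients' design.

    Order matters because evaluation is first-match:
      1. permit lower-half -> each allow-listed destination prefix
      2. deny   lower-half -> anything else
      3. permit upper-half -> anything (whitelisted work devices)
    """
    lower, upper = split_subnet(lan)
    rules = [Rule("permit", lower, ipaddress.ip_network(d)) for d in allowed_dsts]
    rules.append(Rule("deny", lower, ANY))
    rules.append(Rule("permit", upper, ANY))
    return rules


def evaluate(rules, src_ip, dst_ip):
    """First-match evaluation; an unmatched flow is implicitly denied."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for rule in rules:
        if src in rule.src and dst in rule.dst:
            return rule.action
    return "deny"


def denied_messaging_destinations(rules, lan, observed_flows):
    """Destinations that lower-half clients tried to reach but were denied.

    This is the list to compare against the messaging provider's published
    prefixes: any provider address missing from the allow-list shows up here,
    which is the mechanism behind 'intermittent' connectivity once the broad
    URL permit rule is removed.
    """
    lower, _ = split_subnet(lan)
    denied = set()
    for src_ip, dst_ip in observed_flows:
        if ipaddress.ip_address(src_ip) in lower and evaluate(rules, src_ip, dst_ip) == "deny":
            denied.add(dst_ip)
    return sorted(denied)


if __name__ == "__main__":
    # Constructed sample: a /24 LAN and two stand-in "messaging" prefixes.
    LAN = "192.168.10.0/24"
    MESSAGING = ["203.0.113.0/24", "198.51.100.0/25"]   # placeholders, not real provider ranges
    acl = build_rules(LAN, MESSAGING)

    # Constructed flows: (client, destination)
    flows = [
        ("192.168.10.20", "203.0.113.5"),      # unreserved client -> allow-listed prefix
        ("192.168.10.20", "198.51.100.200"),   # unreserved client -> provider address not in list
        ("192.168.10.20", "192.0.2.10"),       # unreserved client -> arbitrary website
        ("192.168.10.200", "192.0.2.10"),      # reserved (whitelisted) client -> arbitrary website
    ]
    for src, dst in flows:
        print(f"{src} -> {dst}: {evaluate(acl, src, dst)}")
    print("denied for unreserved clients:", denied_messaging_destinations(acl, LAN, flows))
```

Two points the model makes visible. First, the rule order is the whole design: if the "deny lower-half to any" line sits above the permits, the messaging permits never match, and if it is missing, the implicit behaviour of the device decides. Second, `denied_messaging_destinations` is the check worth running against real traffic logs: a provider address appearing there means the IP allow-list is incomplete, which is exactly the failure mode the post reports when the URL permit rule is switched off.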