Client time restriction

USG40
USG40 Posts: 7
First Comment
edited April 2021 in Security
Hello everyone,

I would like to ask wether it is possible or not to set time limits to certain users/devices in the network.

I am using USG40 and need to set time limits for my kids but dont know where to start.

Could anyone help me with this?

Kind regards

Azad

All Replies

  • PeterUK
    PeterUK Posts: 2,655  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    edited May 2020

    Yes you can set time limits to given IP's to go out for internet.

    Best way to go about this is the USG40 is current set to allow all so you want to set block times like say 00:00 to 06:00 by going to Setting > object > schedule use recurring.

    When you login to the dashboard click DHCP table and click the reserve box for the given devices and make a note of the IP's. Go to settings > interface Ethernet tab and edit LAN1 and check Enable IP/MAC Binding

    Then go to settings > object address/Geo IP and add the IP's from the DHCP as host make a address group as block IP list and import the IP's

    Now your ready to go to settings > security policy > policy control and click add make the rule as from LAN1 to WAN source block IP list and select the schedule set action to block.


  • USG40
    USG40 Posts: 7
    First Comment
    Hello Peter,

    Wow man! This could i have never figure out. So many steps! Well i will give a try and come back and update.

    Thank you for Your help!
  • USG40
    USG40 Posts: 7
    First Comment
    Hello Peter,

    This seems to be working. Thanks a lot!

    I was also wondering about social networking apps lik whatsapp, facebook etc and if it is possible to block it not general but given "ip:s" or client only.

    Please do let me know. Thank You once again for a quick help!

    Azad
  • USG40
    USG40 Posts: 7
    First Comment
    Hello Peter,

    It seems to blocking all the time. I actually want to block timewize. Like some couple of hors a day. Like from 8PM to 6AP etc. How to change that?
  • USG40
    USG40 Posts: 7
    First Comment
    Hello again,

    I think i got it. I need to create a "Create Schedule Object"
  • PeterUK
    PeterUK Posts: 2,655  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    yes you need to make a to Schedule Object and set a Schedule to the firewall rule.
  • PeterUK
    PeterUK Posts: 2,655  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    edited May 2020

    The control whatsapp, facebook etc you need to Activate IDP/AppPatrol Signature Service

    go to settings > object > application

    add name add for Social networks (search) and check Facebook (Access) and Facebook (Authentication) ok add for Instant messengers (search) and check WhatsApp (Authentication) and WhatsApp (Access) ok.

    Go to settings > App patrol

    add name add application you made action drop ok

    Go to settings > security policy > policy control and click add make the rule with action to allow (which seems odd but the UTM Profile application you made above is dropped) check under UTM Profile application patrol and select your rule and ok.


  • USG40
    USG40 Posts: 7
    First Comment
    Hello Robert,

    Thanks again.

    Yes I thought so, but as per now I do not have any subscription for the IDP. I was wondering if it could anyway go around like puting in lins/ports etc for the specific traffic or just simply use dns or cisco umbrela.
  • USG40
    USG40 Posts: 7
    First Comment
    when scheduling times it works but the scheduled policy does not seen after creating it. Where can it been seen if i want to edit and reschedule it instead of creating new every time?
  • Jeremylin
    Jeremylin Posts: 166  Master Member
    First Anniversary First Answer First Comment
    You have to activate IDP/AppPatrol signature service first, so the function can be operated.
    To modify the existing schedule, Go to object> schedule>select the profile then edit it

Security Highlight