About Remo

@Stephen.Davis If you do not need the captive portal you could reuse this response page to redirect the user to company.gpcs.com. Simply place these line in the <head> section of the captive portal tesponse page html: <script> window.location.href = "https://company.gpcs.com"; </script> ... View more

@Retired Member Thanks for the information. This should be plenty of time to update to 8.1 ... at least for all who keep their devices up to date 😛 ... View more

Hi @lchan2550   From clients to the ESM you only need port 2125/tcp (or whatever port you configured if you changed the default port. For the Traps admins you also need port 443/tcp to connect to the webinterface. ... View more

Hi @KumarRamalinga   With a custom report you will get at least close to that what you need. There you should add the columns you need, set the group by field to source IP and the sort by to bytes. This should generate a report with your requirements. ... View more

@jsalmans If there is a way to avoid *.* URL entries then you should. So definately go with the way that you change the URL block page based on the <rulename/> variable.   In addition I would recommend you to create 3 rules: Allow rule with the allowed destinations for these students Allow rule with a URL filtering profile applied where you set everything to block (Depending on the rest of your policy) Deny all rule to make sure that these students cannot use something else to somehow pass traffic through the firewall ... View more

@jsalmans If there is a rulename variable, even better. Good to know 😉   But regarding the other possibility with the wildcard custom category: Just make sure that the action of this category is set to "none" in your other profiles, so that this category will have no effect there. ... View more

@jsalmans Thats the point where I am not 100% sure if the wildcard behaves the same as "normal" entries. I am pretty sure that it will be like that but I haven't done this so far. We only use a custom category shared over multiple firewalls when we want to block something in general. At least there it works that the custom category has always the higher priority than builtin categories. ... View more

Hi @jsalmans   Do you already have the application block page enabled? If not, one possobility would be to use this response page and change this one to the specific content you want to show these students. With this method you should - as you proposed - two security rules: one with either addressobjects or a custom URL category attached directly to the rule and another rule that blocks everything else for these stutents and where it is possible (http traffic) the firewall will show the application block page.   The other possibility would be to dynamically change the URL block page based on the sourceuser. The big disadvantage of this solution is, that you need to specify the sourceusers in the block page in a little part with javascript to be able to change the content for different users.   And another possibility I can think of is, if you specify a custom URL category with *.* as content. This custom category you add to a dedicated URL profile for these users with the action block and allow for all other categories. This way you should be able to change the content with javascript ob the blockpage based on this custom URL category and this will allow you to "easily" achieve what you want without changing the block page every time when there is a userchange in the AD group.    So I personally would try the last possibility in my post and this does not work for you the first one. The second one works but is ... not so good 😛 ... View more

@BPry I admit, I never configured it with 10 addresses. But when I used a /24 or /25 as source IP and the same network size as source NAT, the last octett remained the same. ... View more

@nson2139 Maybe I do not understand your question, but as long as your effective source and your source NAT IP range are the same soze, then you could use static NAT... ... View more