Blocking "not entitled" sessions

If you find that you are exceeding your license count and would like to block any devices that are not going to be filtered, you are in the right spot!

By default, Untangle will bypass any session that is "not entitled" because the license has been exceeded. "Bypassed" simply means that the layer 7 filtering (Web Filter, Application Control, etc.) will not be applied to those sessions and these users will be allowed unfiltered access to the internet.

If you would prefer that these users are blocked from any and all internet access, then you simply need to configure the Untangle to do so. Here's how you can do that:

Under Config > Events > Alerts you will find a default alert rule labeled "License limit exceeded. Session not entitled"


If that rule is no longer there, here is what it should look like. The only config you may want to change is how often you receive the alert via email:
​​


You will take the above alert and use it to tag this traffic. In the following screenshot of the tag rule, here are the key points:
  1. This is the type of event that we are looking for
  2. This is the description (or part of it) from the alert rule from above
  3. This should (almost) always be Tag Host 
  4. cClientAddr is the IP address of the device that will get the tag
  5. You can name the tag anything you would like
  6. This should be limited in length so that the traffic is regularly re-evaluated for session entitlement
​​

Now that you have the "not entitled" traffic tagged, you need to tell the Untangle what to do with it. You have many options available to you, but here is the easiest.

Under Config > Network > Filter Rules, you will add a new rule:
Network-FilterRules.jpg

The rule needs to have the following:
  1. Client is referring to the cClientAddr from above
  2. This is the tag name that you have applied to the IP
  3. This is the action that you would like to have applied to this traffic
​​​​


And that's it! Following these steps will allow you to block any sessions that will not be filtered by the Untangle due to being over your license count.

 

Follow
Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

Powered by Zendesk