White List Websites with ExtremeCloud Solution

We have some customers in the medical business who want a solution with 2 or 3 access points in public spots of small hospitals.
They demand a solution with 2 networks: an SSID with a short password "1234" but access only to 4 or 5 special websites (CNN / healthcare), and an SSID with a strong password for employees.
Can I build an SSID / network that only contains some websites? I have found IP Block / Deny and Application Block and Allow, but no option for "Whitelist Websites". Of course I could allow IPs, but this is not usable with big news sites.

Posted 2 years ago


Pala, Zdenek, Employee

I believe you can do it. Define rules that will allow your apps first. The last rule will be drop unknown apps. The rule before the last will be drop all other known...
I don't want to filter apps :-) I want to have a whitelist of websites ... for instance www.cnn.com, and drop all other sites ...

Raffi, Employee


If you go to VNS -> Roles you can create a policy to block everything. That could be assigned to the public user SSID. Then add another 5 policies to allow the 5 websites. VNS -> Roles -> choose a role or make a new one and then select that role -> select the Policy Rules tab -> click Add -> select the L7 radio button -> click "Custom Web Application" -> click "+" to make a new one -> then choose Group: Web Application, Type: Host name, Matching Patterns: cnn.com. This would allow traffic to cnn.com.



Jonquil Williams, Employee

Hi. Thanks to your questions and answers, I have written a procedure that will be included in the customer documentation for 4.01.01. Here is a peek, although the nice formatting we will have cannot be replicated here:

Whitelisting One or More Applications

You can create a policy to block everything except a single application or small group of applications (or web sites).

To whitelist one or more applications:

1.  Select Roles from the menu.

2.  Select Add to add a new role. Alternatively, select an existing role and select Configure Role.

3.  Create a Deny policy to block everything. This policy can be assigned to a public user SSID.

4.  Add an extended application policy to allow a single web site. From the Configure Role page, select New Application Policy.
A new row is added to the Rules list.

5.  Select the Edit (pencil) icon and configure the application rule.

6. Next to the Application field, select the Edit (pencil) icon.
The Custom Applications dialog opens.

7. Select Create New Application and configure the fields in the Application Setting dialog that opens.
For example, to allow access to www.companyname.com, enter Web Applications as the group, Company Name as the name, and www.companyname.com as the pattern.

Group - Specify the application group to which the application belongs. The groups are pre-defined and cannot be customized.

Name - Enter a unique name for the custom application.

Pattern - Enter all or part of a fully qualified domain name (FQDN). The rule will match if the text that you enter appears anywhere in the host header of HTTP traffic. Example: The pattern companyname will match 'www.companyname.com', 'companyname.com' and 'www.company-name.com'. The match is case sensitive, so the pattern will not match 'Companyname.com'.

8. Repeat steps 4-7 as needed to add additional individual web sites that each allow one web site. For example, if you want to allow five web sites, make an extended application rule for each web site, for a total of 5 extended application rules.
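
The pattern rule in step 7 (a case-sensitive match anywhere in the host header) can be checked against a list of hostnames before the role is assigned to a public SSID. The script below is an added example, not part of the thread or of the product documentation; it assumes the match is a literal substring test, and the function names and sample hostnames are constructed for illustration.

```python
# Added example: audit what a substring whitelist pattern admits.
# Assumption: the rule is a literal, case-sensitive substring test on Host.

SAMPLE_HOSTS = [  # constructed Host header values, not captured traffic
    "www.cnn.com", "cnn.com", "www.cnn.com:80", "WWW.CNN.COM",
    "cnn.com.example.net", "cnn.community.example", "www.example.org",
]

def pattern_allows(pattern, host):
    """Allow rule as described: pattern appears anywhere in the Host header."""
    return pattern in host

def strict_allows(domain, host):
    """Intended scope: the domain itself or one of its subdomains."""
    name = host.split(":")[0].rstrip(".").lower()  # drop port, compare lower-case
    domain = domain.lower()
    return name == domain or name.endswith("." + domain)

def audit(patterns, hosts):
    """Map each host to allow / deny / over-match / under-match."""
    report = {}
    for host in hosts:
        role = any(pattern_allows(p, host) for p in patterns)
        intent = any(strict_allows(p, host) for p in patterns)
        if role and intent:
            report[host] = "allow"
        elif role:
            report[host] = "over-match"   # admitted, but outside the intended site
        elif intent:
            report[host] = "under-match"  # intended site, but hits the deny-all rule
        else:
            report[host] = "deny"
    return report

if __name__ == "__main__":
    for host, verdict in audit(["cnn.com"], SAMPLE_HOSTS).items():
        print(f"{verdict:12} {host}")
```

Hosts reported as over-match show where a pattern admits more than the intended site; under-match entries are legitimate hostnames that fall through to the deny rule because of case.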