Extreme Networks

admin32 · ‎07-30-2020

In a school environment we have user profiles that have appropriate availability schedules based on student age levels , bedtime disconnection of client devices, different weekend schedules to school day schedules etc. This has worked for couple of years ok, Apart from the overnight disconnected state causes the networks health scores to look really bad permanately

Now I am tasked with users needing access to one site (semi permanently) so basically some sort of firewall policy involved that overides the actual permitted scheduled hours for that site/app. One particular site that needs wifi but all other access is regulated to the predetermined times.

So looking for possible redirection of user profiles depending on time schedules

or

Do I actually reconfigure to have students connected 24hrs a day, with dns, ip etc, (solving the health scores hopefully)

and then have some sort of complex firewall policy with time based allowance levels or redirections to allow or disconnect internet traffic to schedules.

i don’t actually think what i’m asking is achievable without 3rd party firewall controls externally to aerohive but open to suggestions

SamPirok · ‎09-10-2020

Thank you for clarifying, I don’t think that is something we can do in the XIQ set up, I believe you would need to use your network firewall for that level of granular control.

View solution in original post

admin32 · ‎09-10-2020

thanks for investigating and forum support

SamPirok · ‎09-10-2020

Thank you for clarifying, I don’t think that is something we can do in the XIQ set up, I believe you would need to use your network firewall for that level of granular control.

admin32 · ‎09-09-2020

Thanks, I think I havn’t explained my problem well hence the confusion.

I understand the scheduling and the firewall access top down list. Currently we have time scheduled profiles with no firewall rules. Surely if you apply any firewall rule to a user profile that access is controlled by the schedule before the firewall rule is assessed.

I’m trying to allow access to the single site overriding or independent of the scheduling of the user profile.

Which I guess is a firewall rule that has its own schedule or the ability to allocate/change user profiles based on times scheduling

9f7f39d8474243d89f25d25996325f03_ad558bc2-b9ab-4a3e-9dee-0537a3cd082b.png

SamPirok · ‎09-09-2020

I’m sorry for the confusion, if you go in to your Network Policy> Open the SSID> Open the User Profile> Go to the Availability Schedule, you should the scheduling options. If you already have all the user profiles assigned to the right users at the right times, you likely don’t need to alter the schedules and would just want to add that extra rule at the top of any firewall lists to allow the webpage.

So it’s not a new user profile, it’s a new rule in the firewall rules within the user profiles you are already using. That means you will want to open all the user profiles this new rule will apply to, go to the Security tab within the user profile, and add a rule allowing access to the new web page. Make sure the new firewall rule is moved to the top of the firewall rule list so it is applied first before any other rules blocking access are applied.

Extreme Networks

advice on client scheduling and restrictions

advice on client scheduling and restrictions