Author Topic: Object Policy's  (Read 3998 times)

Vanish

Object Policy's
« on: August 19, 2011, 07:33:49 am »
Hi, I have installed the Zentyal 2.022 Free server and am trying to set up object policies to put time-of-day limits on certain computers within this object. I have created static route IPs for these objects. One for my daughter's laptop and the other for her iPod Touch (which will not take the set IP I have put in for it). I have added a policy that says Always Deny from 00:00 to 08:00 All week. But it has not cut her net during that time.

So my questions are: 1) How can I set that darn iPod Touch to have a static IP without having to do it manually? (The static worked on every other machine in the house, including my iMac.) 2) Am I doing this object wrong, and how would I change it so it will work and limit the net access during these times?

Thanks for any help I can get.

Jon
« Last Edit: December 01, 2011, 02:33:45 am by Vanish »

DWAM

Re: Object Policy's
« Reply #1 on: August 19, 2011, 10:37:59 am »
Hi!

I guess you could try to assign a reserved (static) IP address to the iPod thru DHCP by using its MAC address.
« Last Edit: August 19, 2011, 10:39:37 am by DWAM »

Vanish

Re: Object Policy's
« Reply #2 on: August 19, 2011, 11:23:37 pm »
Quote
I guess you could try to assign a reserved (static) IP address to the iPod thru DHCP by using its MAC address.

I did that already and it still refuses to take the IP I set for it. Any other ideas why it would bypass the required IP even with its MAC address set up for a static?

DWAM

Re: Object Policy's
« Reply #3 on: August 20, 2011, 12:19:25 am »
It depends on how the iPod is connected to your network:

- if wifi, then reserved static address thru DHCP should work
- if bluetooth, then it's in fact connected to your daughter's PC, which acts as a gateway for the iPod, but I can't help you there, I'm not familiar with these toys...

Vanish

Re: Object Policy's
« Reply #4 on: August 23, 2011, 06:34:44 pm »
Quote
It depends on how the iPod is connected to your network:

- if wifi, then reserved static address thru DHCP should work
- if bluetooth, then it's in fact connected to your daughter's PC, which acts as a gateway for the iPod, but I can't help you there, I'm not familiar with these toys...

It is set as DHCP and the static is set in Zentyal. I dunno, but it has taken the IP now it seems (or she has not turned it on lately), but that is the least of my concerns at the moment.

The big thing I want to get working is limiting the time online and the websites that are available to her. I have her in her own object and I created an Object policy (I put my iPad into the group for testing purposes), but I have not gotten it to work yet. Any suggestions on this? Do I need to set it up differently or something?

Vanish

Re: Object Policy's
« Reply #5 on: August 26, 2011, 05:06:02 am »
Can no one help me with the Object Policies?!?

christian

  • Guest
Re: Object Policy's
« Reply #6 on: August 26, 2011, 11:04:57 am »
What would help is to understand if your object policy doesn't apply because your device is not part of the object you created (this is why you should care about DHCP working properly  ;)) or if the policy doesn't apply because of a bug or other setting allowing to bypass this policy. Position within the policy list does matter here, thus you have to tell us a bit more.

Javier Amor Garcia

  • Zentyal Staff
Re: Object Policy's
« Reply #7 on: August 28, 2011, 05:08:24 pm »
There are some things to check there:

- whether the iPod IP is the correct one
- whether the iPod is using Zentyal as gateway
- finally, the policy is incorrect. The time period is when the policy is enforced; at other times the access is denied. So if you want to give access all the time except 00:00 to 08:00, you must choose an 'Always allow' policy and set the timezone from 08:00 to 23:59.

Cheers,
Javier

Vanish

Re: Object Policy's
« Reply #8 on: August 31, 2011, 02:46:29 am »
Ok, I will break down what I have done for you to see it and maybe that will make it a little easier to help me.

So I started by making an object for my daughter's devices (with one of my devices in it for testing purposes)...

Objects ▸ Alyssa (show help)
Members

Add new

   
Name         IP address          MAC address          Action
Alyssa-PC    192.168.0.121/32    78:e4:00:c8:ef:d9
Jons iPad    192.168.0.123/32    d8:a2:5e:34:ea:8c
iPod Touch   192.168.0.120/32    64:b9:e8:f1:f3:63

Then I went into Object Policies under HTTP Proxy and set this Policy...

Object Policies (show help)
Editing object's policy

Object: Alyssa   
Policy: Allow Always
Allowed time period: From 08:00  To 23:00  All Days 
Time period when the access is allowed. It is ignored with a deny policy
Filter profile: Default   
 
List of objects

 
Object   Policy         Allowed time period    Group policy   Filter profile   Action
Alyssa   Always allow   08:00-23:00 All week                  default

And from what I have read, that is all I should have to do to set up Object policies to deny access to those devices anytime between 8am and 11pm.

Is there more that I have to do to make this work? This has been very unsuccessful as of yet and I am tempted to change software because of the troubles I am having.

I hope this explains what I have done and maybe allows you to give me some suggestions/answers for this.

Hope to hear from you soon.

Jon

Javier Amor Garcia

  • Zentyal Staff
Re: Object Policy's
« Reply #9 on: September 02, 2011, 12:53:39 am »
Hello Jon,
This configuration seems correct to me. Check that Alyssa's IP is correct (MAC is unused in this case).

Probably the problem is that Alyssa is not accessing the Internet through the proxy.

If you are using transparent mode, check whether Alyssa is using it as gateway.

If you are not using it, Alyssa's browser must be configured to use Zentyal and you must forbid the HTTP traffic from Alyssa (or its net), otherwise it could circumvent the proxy.

Vanish

Re: Object Policy's
« Reply #10 on: September 02, 2011, 02:32:48 am »
Quote
This configuration seems correct to me. Check that Alyssa's IP is correct (MAC is unused in this case).

I am using the MAC address to assign her a specific IP. This is working on the laptop, however it is not working on her iPod or my iPad. Not sure if it's because they are Apple products, but can you help me figure those out as well?

Quote
Probably the problem is that Alyssa is not accessing the Internet through the proxy.

If you are using transparent mode, check whether Alyssa is using it as gateway.

If you are not using it, Alyssa's browser must be configured to use Zentyal and you must forbid the HTTP traffic from Alyssa (or its net), otherwise it could circumvent the proxy.

I do not have any proxy active. I did not know I needed to activate the proxies. I have no experience with proxies; what would be the easiest way to set said proxy up?

Thanks

Jon

Escorpiom

Re: Object Policy's
« Reply #11 on: September 03, 2011, 02:13:03 am »
Quote
Then I went into Object Policies under HTTP Proxy and set this Policy...

Object Policies (show help)
Editing object's policy

Object: Alyssa   
Policy: Allow Always
Allowed time period: From 08:00  To 23:00  All Days 
Time period when the access is allowed. It is ignored with a deny policy
Filter profile: Default   
 
List of objects
 
Object   Policy         Allowed time period    Group policy   Filter profile   Action
Alyssa   Always allow   08:00-23:00 All week                  default

If you set a policy under "http proxy" then yes, the proxy must be active.
Policies will never work if the proxy is not active.

First step is to activate it; decide whether you want it transparent or non-transparent. The latter requires that you configure the clients.

Cheers.
Marcus' Rule:
Blanks & capitals = avoid it and you'll avoid problems...

Vanish

Re: Object Policy's
« Reply #12 on: September 03, 2011, 03:13:10 am »
Quote
If you set a policy under "http proxy" then yes, the proxy must be active.
Policies will never work if the proxy is not active.

First step is to activate it; decide whether you want it transparent or non-transparent. The latter requires that you configure the clients.

Ok. I have never set up either a transparent or non-transparent so I want the easiest one to do. I have tried turning Transparent on in HTTP Proxy -> General, but it did nothing for it. Do I need to set up a port or anything for it? Sorry for asking so many questions, I just really want to get this working. Plus I have another friend locally that is trying to do the same and I can pass this information on to him.

Thanks

Escorpiom

Re: Object Policy's
« Reply #13 on: September 04, 2011, 04:12:39 am »
Quote
Ok. I have never set up either a transparent or non-transparent so I want the easiest one to do. I have tried turning Transparent on in HTTP Proxy -> General, but it did nothing for it. Do I need to set up a port or anything for it? Sorry for asking so many questions, I just really want to get this working. Plus I have another friend locally that is trying to do the same and I can pass this information on to him.

Thanks

No, there is no need to set up a port. Just make sure the module is installed on your system, and that it is running (you can see it on the dashboard under "HTTP proxy").
In my case I have set it transparent, no need to configure the clients.
I have blocked out all social network and dating sites for some people on the network, using object policies. It does work as expected.
The proxy used in Zentyal is Squid; there is a lot of info about this on the web and it is also explained in the Zentyal documentation. You might want to read up on it.

Cheers.
Marcus' Rule:
Blanks & capitals = avoid it and you'll avoid problems...
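
The time-window behaviour described in Reply #7, applied to the object and policy shown in Reply #8, written out as hand-made Squid ACLs. This is an added example, not part of the thread and not the configuration Zentyal generates; the ACL names are made up for illustration.

```conf
# Added illustration: hand-written Squid ACLs, not the file Zentyal generates.
# ACL names (alyssa_devices, allowed_hours) are made up for this example;
# the addresses are the object members listed in Reply #8.

# The "object": matched purely by source IP, so a device that picks up a
# different DHCP lease falls outside this ACL and outside the policy.
acl alyssa_devices src 192.168.0.120/32 192.168.0.121/32 192.168.0.123/32

# The "allowed time period": every day (S M T W H F A), 08:00 to 23:00.
acl allowed_hours time SMTWHFA 08:00-23:00

# http_access rules are evaluated top to bottom; the first match wins.
# Inside the window, requests from the object's members are allowed ...
http_access allow alyssa_devices allowed_hours
# ... and outside the window the same devices fall through to this deny.
http_access deny alyssa_devices

# Rules for the remaining clients on the network would follow here.
```

These rules only see requests that actually reach Squid, which is why the proxy module has to be running and the devices must either use Zentyal as their gateway (transparent mode) or be configured to use the proxy.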

Vanish

Re: Object Policy's
« Reply #14 on: September 06, 2011, 12:48:24 am »

Quote
No, there is no need to set up a port. Just make sure the module is installed on your system, and that it is running (you can see it on the dashboard under "HTTP proxy").
In my case I have set it transparent, no need to configure the clients.
I have blocked out all social network and dating sites for some people on the network, using object policies. It does work as expected.
The proxy used in Zentyal is Squid; there is a lot of info about this on the web and it is also explained in the Zentyal documentation. You might want to read up on it.

Cheers.

Thank you for the input.  I will play with this and read into it further to see if I can get it working.  I would like to use the transparent as then I do not need to mess with the clients.

Now the continued issue with the static IP on the iPod Touch.  I have set it up in the object to get said IP, yet it is still taking one from the DHCP server.  I also have an iPad in that group with a static IP and it took it for a while, but lately it has been taking from the DHCP as well. 

I do have an iMac in the house, but it takes the static IP I have given it (in Zentyal) and never lost it. Is there something with those items and their IP configurations that I need to manually set them to have the static IP, or should they work the way I am hoping?

Thanks 
Jon