Outgoing policy disabled, blocks or restricts popular services - please advise

So I thought about disabling the Outgoing policy since it allowed everything, but disabling it caused a few unhappy users.
Apps like WhatsApp worked with limited access. No video call, and the app is stuck connecting for a long time. Text messages eventually get sent/received, but with pain.
A lot of users complained email clients on their personal phones no longer worked.
Some users complained about their VPN not working; some were unable to access Plex.
Generally, some users started complaining about "slow" internet, so I assume a lot of stuff just didn't work properly.

I had to enable it again for now, but ultimately I want to have it disabled (I think).

I'm sure there will be hundreds of apps and services disrupted if this policy is disabled.

I'd like to restrict access but allow them basic stuff, such as WhatsApp (most likely other apps) or personal emails, on their phones.

Not sure how to proceed. Is it safe to keep the policy ON or OFF with individual policies specifying access to individual services? If so, is there a list of popular services I could configure to allow access? If I keep it disabled, I guess I have a lot to configure.

I'd appreciate your thoughts on this.

Best Answer

  • Turn on Logging on your Outgoing policy to see what is being allowed by it in Traffic Monitor and/or your log server.
    Then you can try to identify what policies you need to add to your config to allow desired traffic.
    Then you can disable the Outgoing policy.
    This can be a time-consuming process.
    Best to warn your users prior to doing the disable and ask them to give details about what does not work after it is disabled, so that you can more easily figure out how to allow what you decide is appropriate to allow.

    Do you have the Application Control feature?
    If so, then you can use it to allow selected apps and deny others.

    Do you want to allow outgoing VPNs? If so, you need to know which ones are being used. Some users use VPNs to avoid firewall restrictions set up by firewall admins. You need to think about this.

    Do you have a company policy about user Internet access - what is allowed and what is not? If so, that can help decide what shouldn't be allowed that users are doing now.
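
The log review described in the answer above, as an added example that is not part of the original thread and is not WatchGuard code: it groups the flows that only the catch-all policy allowed by protocol and destination port, so the most widely used services are considered first when drafting explicit policies. The CSV columns, the sample rows and the `ALREADY_COVERED` set are constructed assumptions, not a real firewall export format.

```python
import csv
import io
from collections import defaultdict

# Constructed sample: a generic CSV export of allowed flows. Column names are
# assumptions for this example, not a vendor log format.
SAMPLE_CSV = """policy,src_ip,dst_ip,proto,dst_port
Outgoing,10.0.1.21,203.0.113.10,tcp,993
Outgoing,10.0.1.22,203.0.113.10,tcp,993
Outgoing,10.0.1.21,198.51.100.7,udp,3478
Outgoing,10.0.1.30,198.51.100.7,udp,3478
Outgoing,10.0.1.30,198.51.100.8,tcp,5222
Outgoing,10.0.1.44,192.0.2.55,tcp,32400
Outgoing,10.0.1.44,192.0.2.90,udp,1194
HTTPS-proxy,10.0.1.21,203.0.113.80,tcp,443
"""

# Services assumed to be handled by explicit policies already (assumption).
ALREADY_COVERED = {("tcp", 80), ("tcp", 443), ("udp", 53)}

def summarize(csv_text, catch_all="Outgoing", covered=ALREADY_COVERED):
    """Group flows that only the catch-all policy allowed by (proto, port)."""
    groups = defaultdict(lambda: {"flows": 0, "clients": set(), "dests": set()})
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["policy"] != catch_all:
            continue  # already matched by a more specific policy
        try:
            key = (row["proto"].lower(), int(row["dst_port"]))
        except (TypeError, ValueError):
            continue  # skip records without a usable port (e.g. ICMP)
        if key in covered:
            continue
        g = groups[key]
        g["flows"] += 1
        g["clients"].add(row["src_ip"])
        g["dests"].add(row["dst_ip"])
    # Sort by number of distinct clients, then flow count: services that
    # would break for the most users once the catch-all is disabled come first.
    return sorted(
        ((k, v["flows"], len(v["clients"]), len(v["dests"]))
         for k, v in groups.items()),
        key=lambda r: (-r[2], -r[1], r[0]),
    )

if __name__ == "__main__":
    for (proto, port), flows, clients, dests in summarize(SAMPLE_CSV):
        print(f"{proto}/{port}: {flows} flows, {clients} clients, {dests} dests")
```

Each line of the output is a candidate for a decision, not an automatic allow rule: ports used by a single client or reaching many unrelated destinations deserve a closer look before a policy is written for them.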

Answers

  • Hi Bruce,
    yes I have a Total Security suite, so I realised Application Control is included, and I am playing with different combinations now.

    We have enough bandwidth for me not to have to restrict users too much and our policies are very basic, but there are areas I want to restrict.

    I was watching Traffic Manager when trying to make a WhatsApp video call, but from what I can see, Application Control is all I need at this point.

    Thanks
