
Want help with traffic blocking from one side

Hi guys, I have a 40-computer setup on which online examinations are going on. I want to block the internet on all computers so that students can't cheat by looking on the internet. But the problem is that teachers should be able to connect remotely to any computer from outside. Is there any way? If so, please help.

0 Kudos
10 Replies
Vladimir
Pearl

Re: Want help with traffic blocking from one side

What is the model of the gateway/management appliance you are using and the version of the software on it?

0 Kudos

Re: Want help with traffic blocking from one side

My UTM is 730 Wireless

0 Kudos

Re: Want help with traffic blocking from one side

I have a 730 Wireless UTM

0 Kudos
Admin
Admin

Re: Want help with traffic blocking from one side

Which means this is really an SMB question, so let's move it to the correct space: SMB and SMP

Admin
Admin

Re: Want help with traffic blocking from one side

Another relevant question: how are the instructors connecting to the computers remotely?

Because that will determine what the policy looks like.

Re: Want help with traffic blocking from one side

Through Remote Desktop Connection

0 Kudos

Re: Want help with traffic blocking from one side

Block HTTP and HTTPS during the exam, or set up a non-working proxy which cannot be changed by students (only teachers - administrators).

Kind regards,
Jozko Mrkvicka
0 Kudos
Vladimir
Pearl

Re: Want help with traffic blocking from one side

We should really know how the exam is being administered.

If it is a browser-based exam and the PCs should be able to access the resources outside to run it, we cannot simply block HTTP/HTTPS. You should define a custom site and permit access to it using URLF/App Control in the rule above the one preventing HTTP(S) access to other sites.

Remote administration of PCs could be accomplished by either configuring mobile access for the teacher, to connect to the gateway via VPN and run RDP to the PCs, or by deploying a jump host, like Apache Guacamole™, configuring it to run on a custom port not conflicting with any of the Check Point services.

For example:

1. Create custom HTTPS service:

2. Create these objects:

a dummy object with Gateway's external IP:

   

and a real object for the JumpHost:

students' network:

  

custom Site:

and Test Time(s):

3. Configure NAT rules:

4. Enable "Time" column in the Policy view:

5. And configure the access rules:

This should do it.

0 Kudos
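A model of the rule order described in the reply above, added here as an illustration and not taken from any poster's configuration or from the gateway itself. Every address, port, host name and time window is a constructed placeholder, and the rule that lets students browse outside test time is an assumption.

```python
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network

# Every address, port, host name and time window here is a constructed placeholder.
STUDENTS = ip_network("192.168.10.0/24")      # students' network object
GW_EXTERNAL, JUMP_PORT = "198.51.100.1", 8443  # gateway external IP; NAT forwards to the jump host
EXAM_SITE = "exam.example.edu"                # custom site object
TEST_TIME = (time(9, 0), time(12, 0))         # test time object
WEB = (80, 443)

@dataclass
class Conn:
    src: str        # source IP
    dst: str        # host name for web traffic, IP otherwise
    port: int
    when: datetime

def student(c): return ip_address(c.src) in STUDENTS
def exam_time(c): return TEST_TIME[0] <= c.when.time() < TEST_TIME[1]

# Ordered rule base: the first matching rule decides.
RULES = [
    ("teachers-to-jump-host", lambda c: not student(c) and (c.dst, c.port) == (GW_EXTERNAL, JUMP_PORT), "accept"),
    ("students-to-exam-site", lambda c: student(c) and exam_time(c) and c.dst == EXAM_SITE and c.port in WEB, "accept"),
    ("students-web-blocked", lambda c: student(c) and exam_time(c) and c.port in WEB, "drop"),
    ("students-web-off-hours", lambda c: student(c) and c.port in WEB, "accept"),  # assumption, not from the thread
    ("cleanup", lambda c: True, "drop"),
]

def evaluate(conn, rules=RULES):
    """Return (rule name, action) of the first rule that matches conn."""
    for name, match, action in rules:
        if match(conn):
            return name, action

def misordered():
    """Same rules with the web block placed above the exam-site permit."""
    r = list(RULES)
    r[1], r[2] = r[2], r[1]
    return r

if __name__ == "__main__":
    exam = datetime(2024, 5, 6, 10, 0)
    for c in (Conn("192.168.10.21", EXAM_SITE, 443, exam),
              Conn("192.168.10.21", "search.example.com", 443, exam),
              Conn("203.0.113.7", GW_EXTERNAL, JUMP_PORT, exam)):
        print(c.src, c.dst, evaluate(c), evaluate(c, misordered()))
```

With the block rule moved above the permit, the exam site itself is dropped during test time, which is why the permit has to sit higher in the policy.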

Re: Want help with traffic blocking from one side

Is there any way to connect through AnyDesk-type software?

0 Kudos
Vladimir
Pearl

Re: Want help with traffic blocking from one side

From what I understand, it relies on unrestricted HTTPS connectivity from the clients, so this would likely be difficult to achieve.

You can try creating a custom site/URL with their site in it, permitting the traffic to it and to DNS from the students' PCs and restricting their access to anything else in the rule below to see if it works.

This scenario assumes that there is no Active Directory with a recursive DNS server in place.

0 Kudos