Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Satyam_mehrotra
Explorer

Want help with traffic blocking from one side

hi guys, i have 40 computer setup on which online examinations are  going on. I want to block internet on all computers so that students cant cheat by looking on internet. but problem is teachers should be able to connect remotely to any computer from outside. is there any way, if so please help.

0 Kudos
10 Replies
Vladimir
Champion
Champion

What is the model of the gateway/management appliance you are using and the version of the software on it?

0 Kudos
Satyam_mehrotra
Explorer

my UTM is 730 Wireless

0 Kudos
Satyam_mehrotra
Explorer

I have 730 Wireless UTM

0 Kudos
PhoneBoy
Admin
Admin

Which means this is really an SMB question, so let's move it to the correct space: SMB and SMP

PhoneBoy
Admin
Admin

Another relevant question: how are the instructors connecting to the computers remotely?

Because that will determine what the policy looks like.

Satyam_mehrotra
Explorer

through remote desktop connection

0 Kudos
JozkoMrkvicka
Authority
Authority

Block http and https during exam, or setup non-working proxy which cannot be changed by students (only teachers - administrators).

Kind regards,
Jozko Mrkvicka
0 Kudos
Vladimir
Champion
Champion

We should really know how the exam is being administered.

If it is a browser-based exam and the PCs should be able to access the resources outside to run it, we cannot simply block HTTP/HTTPS. You should define custom site and permit access to it using URLF/App Control in the rule above that preventing HTTP(S) access to other sites.

Remote administration of PCs could be accomplished by either configuring a mobile access for the teacher, to connect tot the gateway via VPN and running RDP to the PCs, or by deploying a jump host, like Apache Guacamole™  ,configuring it to run on custom port not conflicting with any of Check Point services.

For example:

1. Create custom HTTPS service:

2. Create these objects:

a dummy object with Gateway's external IP:

   

and a real object for the JumpHost:

students's network:

  

custom Site:

and Test Time(s):

3. Configure NAT rules:

4. Enable "Time" column in the Policy view:

5. And configure the access rules:

This should do it.

0 Kudos
Satyam_mehrotra
Explorer

Is there any way to connect through anydesk type software.

0 Kudos
Vladimir
Champion
Champion

From what I understand, it relies on unrestricted HTTPS connectivity from the clients, so this would likely be difficult to achieve.

You can try creating a custom site/URL with their site in it, permitting the traffic to it and to DNS from the students' PCs and restricting their access to anything else in the rule below to see if it works.

This scenario assumes that there is no Active Directory with recursive DNS server in place.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events