Is it possible to schedule Application/Layer 7 Control?

  • 1
  • Question
  • Updated 1 year ago
  • Answered
  • (Edited)
Will this be an option like SSID scheduling?

Example:

We've got a cafe on campus and I'd like to block certain apps during school hours (youtube, etc), but unblock them outside of school hours.
Photo of Bradley Chambers

Bradley Chambers, Champ

  • 302 Posts
  • 53 Reply Likes

Posted 5 years ago

  • 1
Photo of Abby S

Abby S, Employee

  • 94 Posts
  • 47 Reply Likes
hi Bradley, this is an excellent idea. Will you please ask your SE to open a feature request? We have all the pieces to make this work, but it is not currently available as a configuration option. You can easily do this with separate SSIDs right now or by assigning separate user profiles that are assigned based on time-of-day configurations in the RADIUS server, but I think this could be simplified.
Photo of Jan Boje

Jan Boje

  • 47 Posts
  • 0 Reply Likes
Is anything new here ?
Our student is at the moment using 30% of our internet connection on facebook :(
It would be great if scheduling could be build into the IP firewall Policy 
Photo of Brian Powers

Brian Powers, Champ

  • 396 Posts
  • 92 Reply Likes
In a backhanded fashion this could possibly be done in the current HiveOS.  You should be able to make two SSID objects with the same SSID name.  Set different user profiles to each one and set them on a time schedule to be available.  So that your SSID (we'll call it Jan) is available 24/7, but during 8-4, the Jan SSID is available that has a user profile and firewall policy applied limiting Facebook.  But at 4pm another SSID is availalble (still named Jan) that has a less restrictive user profile & firewall policy that does not inhibit Facebook.  

SSID1-Object - SSID = Jan
SSID1-Object in the Network Policy is on a time availability schedule of 8am-4pm
SSID1 Object has User Profile 1 and Firewall Policy 1 tied to it.
User Profile 1 has a Firewall Policy applied that blocks/limits Facebook.

SSID2-Object - SSID = Jan
SSID2-Object in the Network Policy is on a time availability schedule of 4pm-11:59pm and 12:00am - 7:59am.
SSID2 Object has User Profile 2 and Firewall Policy 2 tied to it.
User Profile 2 has a Firewall Policy applied that is standard with little to no restrictions.



I've not tested this, but I've done similar things and believe that it would work if configured correctly.  

Of note that the time on the APs needs to be in unison or things would get really funky...
Photo of Andrew Garcia

Andrew Garcia, Official Rep

  • 368 Posts
  • 120 Reply Likes
Sorry Brian, your suggestion does not actually work.  Since the SSID name is the same for both SSID objects, HiveManager 6 won't let you push this configuration to an AP.

We have introduced this capability in HiveManager NG, however. NG introduced a revamped user profile assignment mechanism that allows you to assign different user profiles based on time or location, in addition to user identity, device, OUI, SSID, etc.
Photo of Jan Boje

Jan Boje

  • 47 Posts
  • 0 Reply Likes
thanks for your answer Andrew, we will look in to HiveManager NG.
Photo of Andrew Garcia

Andrew Garcia, Official Rep

  • 368 Posts
  • 120 Reply Likes
We had to make some enhancements in HiveOS to add the new user profile assignment features offered in HiveManager NG.  The HiveOS enhancements exist in HiveOS 6.4r1d (and up). I will try to see if I can use make it work in HiveManager 6 by leveraging supplemental CLI.  I'll post here with an update soon.
Photo of Kevin Whelan

Kevin Whelan

  • 53 Posts
  • 2 Reply Likes
bump any updates
Photo of MST

MST

  • 152 Posts
  • 3 Reply Likes
any updates on this?
Photo of Chris

Chris

  • 1 Post
  • 0 Reply Likes
Agreed on this! More specifically, I'd like to throttle it during business hours.
(Edited)