Question about Access Rules on TZ300

sdeyoung

Hello all,

I've been using a test FW to try and secure and lock down the access rules in hopes that I can apply this to our current environment. The purpose is to only allow services that I want. Whenever I make a rule from LAN to WAN, choose my Source: LAN subnets and Destination: WAN interface and either HTTP or HTTPS as a service I can't seem to browse. If I open it up to Any, Any it works fine.

It kind of works using this config from: LAN to: WAN | Source: LAN Subnets Destination: Any | Service: HTTPS. Can browse to https://www.google.ca but if I try getting to say Facebook it will not load the page.

I currently have all security services turned off, no content filters.. Not really sure what I'm missing. Just curious what everyone else is using as their default for HTTPS traffic out. I'm sure I'm missing something. Any tips or suggestions would be greatly appreciated. Also I should mention that this is a fresh factory default FW with only 1 rule from LAN to WAN and it's set to priority 1.

Thanks!

Michael

@SDEYOUNG

You will also need to allow DNS for name resolution of the sites that you are attempting to access.

If you create a Service Group and name it something like "Web Services" or "Internet Access" add the HTTP, HTTPS and DNS services to this group. Now on your LAN to WAN access rule use this Service Group it should allow you to access sites as needed.

You can reference this KB for creating Service Objects and Object Groups.

https://www.sonicwall.com/support/knowledge-base/how-can-i-configure-service-objects/170505402320933/

Hope this helps!!

Mike

sdeyoung

Yes I just figured this out.. It was a combination of services that I needed to enable. Thanks for the reply though!