79schultz Newbie ✭
I have been asked to block browsing on some production computers. I used the Wizard to set up the policy, but I can still browse the Internet on said computers. Can someone help me?
Firmware Version:SonicOS Enhanced 18.104.22.168-7o
Safemode Version:SafeMode 22.214.171.124
ROM Version:SonicROM 126.96.36.199
Category: Entry Level Firewalls
Hey! You will be signed out in 60 seconds due to inactivity. Click here to continue using the site.
Why not just use an Access Rule to deny traffic to HTTP, HTTPS, and TCP 8080 ports from those devices?
I'll give that a try. As you can see, I am a Newbie, so trying to figure out how to make some of this work (or not work) ;).
So, finding out more requirements for this, we need to have access to an internal website, but all other websites blocked.
So, for instance, we need customer.mycompanyname.com available (that is used in a browser for order fulfillment), but would like to block internet browsing.
Follow the below steps to accomplish your goal;
Create address object (IP/MAC) for the computers which you need to block the internet traffic.
Create address object group (For Example: Block-Internet) and add those IP/MAC of the computers.
Create ACL Rule as same as below;
NB: Keep this rule above of the default LAN-WAN rules. (High Priority)
Please bear with me as I am learning a lot about Sonicwalls and learning about how the system is set up at our company.
I realize I should have been more explicit about our network.
I work at the west branch of our company and it is at the west branch that we need to block Internet browsing on some of the production computers. We connect to our main branch through a VPN, our database is at the main branch. We also use Splashtop Streamer so we can remote into any computer if needed.
So, I managed with the suggestions and examples left here to block the Internet, but then I also effectively blocked Splashtop Streamer, which we have to keep that available; so I had to disable that rule.
I found the different URLs on splashtop.com/check that I think need to be allowed, and added them as a rule (higher priority than the other rules), but that didn't work.
I'm using the MAC addresses on the computers to place them in a Block List.
You might want to read Splashtops' documentation. https://support-splashtopbusiness.splashtop.com/hc/en-us/articles/115001811966-What-are-the-Firewall-Exceptions-and-IP-addresses-of-Splashtop-servers-Services-
Also, having all your requirements BEFORE starting something usually helps.
Hello Schultz! Hope you're okay!
First of all, keep in mind:
When should you use Firewall rules?
Firewall rules are applied in a lower processing level, bringing less processing overload.
If your IP addressing scheme is well designed, you can use the "More specific" -> "More generic" rule creation method to achieve your goal. In this method, more specific Firewall Rules are placed in the top of rules order, so other more generic rules are placed below.
App and CFS rules are license dependant.
They are more effective, working on a highest processor level, allowing a more granular control. But, with them comes the cost of processor use. Depending on how many users are affected by the rules, firewall processor will be overloaded.
The other disadvantage is that if, for some reason, you forget to pay for license renewal, your access controls will be disabled. Firewall rules are not disabled.
After choosing your user control method, create rules normally.
Hope I have helped!
Thanks for the tips. I appreciate it!