Block Browsers

I have been asked to block browsing on some production computers. I used the Wizard to set up the policy, but I can still browse the Internet on said computers. Can someone help me?


Firmware Version: SonicOS Enhanced 5.9.2.13-7o

Safemode Version: SafeMode 5.0.5.0

ROM Version: SonicROM 5.0.6.0



Category: Entry Level Firewalls

Answers

  • TKWITS Community Legend ✭✭✭✭✭

    Why not just use an Access Rule to deny traffic to HTTP, HTTPS, and TCP 8080 ports from those devices?

  • 79schultz Newbie ✭

    I'll give that a try. As you can see, I am a Newbie, so trying to figure out how to make some of this work (or not work) ;).

    😏

  • 79schultz Newbie ✭

    So, finding out more requirements for this, we need to have access to an internal website, but all other websites blocked.


    So, for instance, we need customer.mycompanyname.com available (that is used in a browser for order fulfillment), but would like to block internet browsing.

  • Ajishlal Community Legend ✭✭✭✭✭

    @79schultz

    Follow the steps below to accomplish your goal:

    Step 1:

    Create an address object (IP/MAC) for each computer whose internet traffic you need to block.

    Step 2:

    Create an address object group (for example: Block-Internet) and add the IP/MAC objects of those computers.

    Step 3:

    Create an ACL rule the same as below:

    NB: Keep this rule above the default LAN-WAN rules. (High Priority)

  • 79schultz Newbie ✭

    Please bear with me as I am learning a lot about Sonicwalls and learning about how the system is set up at our company.

    I realize I should have been more explicit about our network.

    I work at the west branch of our company and it is at the west branch that we need to block Internet browsing on some of the production computers. We connect to our main branch through a VPN, our database is at the main branch. We also use Splashtop Streamer so we can remote into any computer if needed.

    So, I managed with the suggestions and examples left here to block the Internet, but then I also effectively blocked Splashtop Streamer, which we have to keep available; so I had to disable that rule.

    I found the different URLs on splashtop.com/check that I think need to be allowed, and added them as a rule (higher priority than the other rules), but that didn't work.

    I'm using the MAC addresses on the computers to place them in a Block List.

  • TKWITS Community Legend ✭✭✭✭✭

    You might want to read Splashtop's documentation. https://support-splashtopbusiness.splashtop.com/hc/en-us/articles/115001811966-What-are-the-Firewall-Exceptions-and-IP-addresses-of-Splashtop-servers-Services-

    Also, having all your requirements BEFORE starting something usually helps.

  • Hello Schultz! Hope you're okay!

    First of all, keep in mind:

    1. Firewall Rules are not license dependent
    2. App and CFS rules are dependent on licenses

    When should you use Firewall rules?

    1. When you don't want to be worried about license renewals
    2. If your network infrastructure is well defined, using best practices on IP addressing assignment (IP segments for departments, printers, Wi-Fi, servers, etc.)
    3. When you need less firewall processing overload

    Firewall rules are applied at a lower processing level, bringing less processing overload.

    If your IP addressing scheme is well designed, you can use the "More specific" -> "More generic" rule creation method to achieve your goal. In this method, more specific Firewall Rules are placed at the top of the rule order, so other more generic rules are placed below.

    App and CFS rules are license dependent.

    They are more effective, working at the highest processor level, allowing more granular control. But with them comes the cost of processor use. Depending on how many users are affected by the rules, the firewall processor will be overloaded.

    The other disadvantage is that if, for some reason, you forget to pay for license renewal, your access controls will be disabled. Firewall rules are not disabled.

    After choosing your user control method, create rules normally.

    Hope I have helped!

    Best regards!
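
Added example (not part of the thread and not SonicOS code): a small Python model of first-match rule evaluation, illustrating the "More specific" -> "More generic" ordering described in the reply above, plus a check that lists rules an earlier, broader rule makes unreachable. The addresses, rule names, and the use of IP ranges in place of the MAC-based objects mentioned in the thread are constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                     # "allow" or "deny"
    src: str                        # source CIDR
    dst: str                        # destination CIDR
    ports: frozenset = frozenset()  # empty set means any port

    def matches(self, src, dst, port):
        return (ip_address(src) in ip_network(self.src)
                and ip_address(dst) in ip_network(self.dst)
                and (not self.ports or port in self.ports))

    def covers(self, other):
        """True if every packet matching `other` also matches this rule."""
        return (ip_network(other.src).subnet_of(ip_network(self.src))
                and ip_network(other.dst).subnet_of(ip_network(self.dst))
                and (not self.ports or (bool(other.ports) and other.ports <= self.ports)))

def evaluate(rules, src, dst, port):
    """Return (action, rule name) of the first matching rule, top to bottom."""
    for rule in rules:
        if rule.matches(src, dst, port):
            return rule.action, rule.name
    return "deny", "no-match"

def shadowed(rules):
    """Names of rules that can never fire because an earlier rule covers them."""
    return [r.name for i, r in enumerate(rules)
            if any(prev.covers(r) for prev in rules[:i])]

# Constructed sample values (assumptions, not taken from the thread).
PCS = "192.168.10.0/28"             # stand-in for the "Block-Internet" group
ALLOW_SITE = Rule("allow-internal-site", "allow", PCS, "10.1.0.20/32", frozenset({80, 443}))
ALLOW_REMOTE = Rule("allow-remote-support", "allow", PCS, "203.0.113.0/24", frozenset({443}))
DENY_WEB = Rule("deny-web", "deny", PCS, "0.0.0.0/0", frozenset({80, 443, 8080}))
DEFAULT = Rule("default-lan-wan", "allow", "192.168.10.0/24", "0.0.0.0/0")

GOOD = [ALLOW_SITE, ALLOW_REMOTE, DENY_WEB, DEFAULT]  # specific above generic
BAD = [DENY_WEB, ALLOW_SITE, ALLOW_REMOTE, DEFAULT]   # broad deny on top

if __name__ == "__main__":
    for label, rules in (("good", GOOD), ("bad", BAD)):
        print(label, "shadowed:", shadowed(rules))
        print(label, evaluate(rules, "192.168.10.5", "10.1.0.20", 443))
```

Running `shadowed()` over an exported rule list before applying it is a quick way to catch an allow rule that sits below a deny rule covering the same traffic.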

  • 79schultz Newbie ✭

    Thanks for the tips. I appreciate it!
