To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".
I've created a rule to deny all traffic to a particular IP. However, I need to be able to access a single web page. How do I do this to allow it?
you blocked the traffic to the IP via Firewall Rule? The Website you need to reach is hosted at this IP?
I think you cannot do this by Firewall Rule, but Access rule. You need two Match objects, one for the Website-Host and one for anything else, two App Rules, the first allows the Website and the other one blocks it.
If you're using HTTPS you probably need DPI-SSL enabled.
Welcome to SonicWall Community.
You can also try using the Allowed/Forbidden URI concept in SonicWall Content Filter Service if you can get the domain name of the IP address.
Using Allowed/Forbidden URI feature, you can block the whole domain and can allow a portion of the domain like webpage(s). Please feel free to take a look at the below KB article for a similar scenario detailed.
Technical Support Advisor - Premier Services
Thanks for your quickly answer. I've tried this:
I've tried allowing content through URI List Objects but it doesn't work. It doesn't recognize either the domain name or the IP address. And I have created a user group to which a CFS Profile Objects is applied with all categories blocked and the exception in URI List Objects whitout succesfuly.
Any more ideas?
@ASSINFO - I have tried these scenarios in the past and was much successful. If your website uses HTTPS access, could you please have the DPI-SSL enabled on the SonicWall and install certificates on the browsers of your computers and test further?
Let us know how it goes.
Thanks for your quickly answer too.
The scenario I have is this:
At this moment the rule that allows traffic is disabled because it caused me conflict with others.
@Saravanan - My SonicWall doesn't have the DPI-SSL License active.
you're running a Gen5 Appliance? It was optional back then.
But you're blocking a group of services for any destination address, which smells like conflict. I'am actually confused what you try to accomplish, because it seems different from what I thought it was in my first post.
Hi @ASSINFO - Thanks for confirming. The suggestion given to you was for Gen 6 appliance. If you are using Gen 5 appliance, you would need to do it via app rule configuration and this indeed requires DPI-SSL on the firewall.
@BWC - On the orders of the management team, the current scenario was that a group of users could not surf the Internet and until now it had worked well.
However, we have introduced the g-suite solution in our business environment and this group of users cannot access Google's functionalities. Therefore, what I am trying to achieve is that this group of users can use g-suite through the browser.
Ok @Saravanan. Thanks for your support.
Anyway, I do not know if I have explained myself well, since I have confused @BWC. If you want to look at the last answer I have made to him to try to understand it better I would appreciate it.
@ASSINFO - My understanding is, group of users need to be blocked from surfing Internet but they need to have access to only Google G-Suite. Please correct me if I'm wrong.
Exactly @Saravanan , that's exactly what I need. Can you think of a solution?
@assinfo - Thanks for your confirmation.
Below KB article explains about your scenario well. This feature is from Gen 6 and above SonicWall appliances. This feature is not an option for Gen 5 SonicWall appliances. This request of yours is may not be achievable in Gen 5 appliances using access rule or CFS or App rule policies due to limitations. Gen 6 Appliance overcomes all the limitations with perpetual DPI-SSL license.
Unfortunately, the answer is NO to your question. All the limitations on Gen 5 have been addressed in Gen 6. Its time for you to perform a secure upgrade. Please check the below link to know about secure upgrade program.
Have a good day!!!