you blocked the traffic to the IP via Firewall Rule? The Website you need to reach is hosted at this IP?
I think you cannot do this by Firewall Rule, but Access rule. You need two Match objects, one for the Website-Host and one for anything else, two App Rules, the first allows the Website and the other one blocks it.
If you're using HTTPS you probably need DPI-SSL enabled.
You can also try using the Allowed/Forbidden URI concept in SonicWall Content Filter Service if you can get the domain name of the IP address.
Using Allowed/Forbidden URI feature, you can block the whole domain and can allow a portion of the domain like webpage(s). Please feel free to take a look at the below KB article for a similar scenario detailed.
I've tried allowing content through URI List Objects but it doesn't work. It doesn't recognize either the domain name or the IP address. And I have created a user group to which a CFS Profile Objects is applied with all categories blocked and the exception in URI List Objects whitout succesfuly.
@ASSINFO - I have tried these scenarios in the past and was much successful. If your website uses HTTPS access, could you please have the DPI-SSL enabled on the SonicWall and install certificates on the browsers of your computers and test further?
you're running a Gen5 Appliance? It was optional back then.
But you're blocking a group of services for any destination address, which smells like conflict. I'am actually confused what you try to accomplish, because it seems different from what I thought it was in my first post.
Hi @ASSINFO - Thanks for confirming. The suggestion given to you was for Gen 6 appliance. If you are using Gen 5 appliance, you would need to do it via app rule configuration and this indeed requires DPI-SSL on the firewall.
@BWC - On the orders of the management team, the current scenario was that a group of users could not surf the Internet and until now it had worked well.
However, we have introduced the g-suite solution in our business environment and this group of users cannot access Google's functionalities. Therefore, what I am trying to achieve is that this group of users can use g-suite through the browser.
Anyway, I do not know if I have explained myself well, since I have confused @BWC. If you want to look at the last answer I have made to him to try to understand it better I would appreciate it.
@ASSINFO - My understanding is, group of users need to be blocked from surfing Internet but they need to have access to only Google G-Suite. Please correct me if I'm wrong.
Below KB article explains about your scenario well. This feature is from Gen 6 and above SonicWall appliances. This feature is not an option for Gen 5 SonicWall appliances. This request of yours is may not be achievable in Gen 5 appliances using access rule or CFS or App rule policies due to limitations. Gen 6 Appliance overcomes all the limitations with perpetual DPI-SSL license.
Unfortunately, the answer is NO to your question. All the limitations on Gen 5 have been addressed in Gen 6. Its time for you to perform a secure upgrade. Please check the below link to know about secure upgrade program.
Answers
Hi @assinfo
you blocked the traffic to the IP via Firewall Rule? The Website you need to reach is hosted at this IP?
I think you cannot do this by Firewall Rule, but Access rule. You need two Match objects, one for the Website-Host and one for anything else, two App Rules, the first allows the Website and the other one blocks it.
If you're using HTTPS you probably need DPI-SSL enabled.
--Michael@BWC
Hi @assinfo,
Welcome to SonicWall Community.
You can also try using the Allowed/Forbidden URI concept in SonicWall Content Filter Service if you can get the domain name of the IP address.
Using Allowed/Forbidden URI feature, you can block the whole domain and can allow a portion of the domain like webpage(s). Please feel free to take a look at the below KB article for a similar scenario detailed.
HTH.
Regards
Saravanan V
Technical Support Advisor - Premier Services
Professional Services
Hi @Saravanan
Thanks for your quickly answer. I've tried this:
I've tried allowing content through URI List Objects but it doesn't work. It doesn't recognize either the domain name or the IP address. And I have created a user group to which a CFS Profile Objects is applied with all categories blocked and the exception in URI List Objects whitout succesfuly.
Any more ideas?
@ASSINFO - I have tried these scenarios in the past and was much successful. If your website uses HTTPS access, could you please have the DPI-SSL enabled on the SonicWall and install certificates on the browsers of your computers and test further?
Let us know how it goes.
Regards
Saravanan V
Technical Support Advisor - Premier Services
Professional Services
Hi @BWC
Thanks for your quickly answer too.
The scenario I have is this:
At this moment the rule that allows traffic is disabled because it caused me conflict with others.
@Saravanan - My SonicWall doesn't have the DPI-SSL License active.
Hi @assinfo
you're running a Gen5 Appliance? It was optional back then.
But you're blocking a group of services for any destination address, which smells like conflict. I'am actually confused what you try to accomplish, because it seems different from what I thought it was in my first post.
--Michael@BWC
Hi @ASSINFO - Thanks for confirming. The suggestion given to you was for Gen 6 appliance. If you are using Gen 5 appliance, you would need to do it via app rule configuration and this indeed requires DPI-SSL on the firewall.
Regards
Saravanan V
Technical Support Advisor - Premier Services
Professional Services
@BWC - On the orders of the management team, the current scenario was that a group of users could not surf the Internet and until now it had worked well.
However, we have introduced the g-suite solution in our business environment and this group of users cannot access Google's functionalities. Therefore, what I am trying to achieve is that this group of users can use g-suite through the browser.
Ok @Saravanan. Thanks for your support.
Anyway, I do not know if I have explained myself well, since I have confused @BWC. If you want to look at the last answer I have made to him to try to understand it better I would appreciate it.
@ASSINFO - My understanding is, group of users need to be blocked from surfing Internet but they need to have access to only Google G-Suite. Please correct me if I'm wrong.
Regards
Saravanan V
Technical Support Advisor - Premier Services
Professional Services
Exactly @Saravanan , that's exactly what I need. Can you think of a solution?
@assinfo - Thanks for your confirmation.
Below KB article explains about your scenario well. This feature is from Gen 6 and above SonicWall appliances. This feature is not an option for Gen 5 SonicWall appliances. This request of yours is may not be achievable in Gen 5 appliances using access rule or CFS or App rule policies due to limitations. Gen 6 Appliance overcomes all the limitations with perpetual DPI-SSL license.
Unfortunately, the answer is NO to your question. All the limitations on Gen 5 have been addressed in Gen 6. Its time for you to perform a secure upgrade. Please check the below link to know about secure upgrade program.
Have a good day!!!
Regards
Saravanan V
Technical Support Advisor - Premier Services
Professional Services