Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

TZ400 How to block specific IP address from accessing a website

Wayne_OSSWayne_OSS Newbie ✭
edited April 2021 in Entry Level Firewalls

Looking to block a specific IP address (workstation) from accessing a streaming website. I've created the address object and match object but I am not able to pair them when I make an access rule. It doesn't show the match object as a destination.

Should I do this through an ACL instead?

Category: Entry Level Firewalls
Reply
Tagged:

Answers

  • RobWRobW Newbie ✭

    Is it a specific website you are looking to block?

    You can create a content filter policy, set the allow to all, create a block list containing required site, set the policy to go to black list first, have it apply to single IP (Address Object).

  • Hello @Wayne_OSS,

    If you want to block only one website for a single IP address, kindly create an address object of type FQDN and add the website as the destination. The match objects are used in App rules and not access rules.

    Otherwise, you can also create a separate CFS policy for this single IP address and add the website to the blocked URI list for that policy.

    Thanks!

    Shipra Sahu

    Technical Support Advisor, Premier Services

  • Wayne_OSSWayne_OSS Newbie ✭

    Thank you @RobW.

    Yes I want to block youtube. I wondered if doing through content filtering was the way but I wasn't sure I could apply it to a single Address Object.

  • @Wayne_OSS ,

    If the website is youtube.com, then it would be best to use CFS. It can resolve to a huge number of IP addresses and using the FQDN address object might not be that helpful.

    You can use the source address field in the CFS policy to apply this policy to a single IP address. Please make sure that the priority of this policy is higher that the generic CFS policy so that this specific policy is applied to only that IP address.

    Thanks!

    Shipra Sahu

    Technical Support Advisor, Premier Services

  • Wayne_OSSWayne_OSS Newbie ✭

    Thank you @shiprasahu93 for the additional information and help as well.

    To confirm, I selected the address object in the Source Address Included, for source address excluded, should leave this as none?

  • Yes, please leave that on None.

    Shipra Sahu

    Technical Support Advisor, Premier Services

Sign In or Register to comment.