Firewall questions

5 replies to this topic

#1 hispaladin

Posted 29 April 2013 - 01:41 PM

I am wanting to set up firewall rules to restrict the internet for a specific computer down to allowing access only to three basic websites that the machine needs to have access to. I have it set with a static IP assigned by the router, and I am using a SonicWall TZ100 router. I have two rules set up at this point: one to allow access to the websites using FQDN address objects and one to deny all access. The allow rule is more specific, so it takes priority over the deny rule, or it is supposed to. So far it just denies all internet traffic (traffic to the WAN) from that machine. Any ideas on how to do this?


#2 chrisd87

Posted 30 April 2013 - 07:43 AM

Just guessing here, but don't you need to do WAN > LAN access rules instead of LAN > WAN?


"Like car accidents, most hardware problems are due to driver ɹoɹɹǝ."

 


#3 hispaladin (Topic Starter)

Posted 30 April 2013 - 07:51 AM

Well, that is what I thought and tried first, and it didn't make any difference at all. There is already a default access rule that says deny all WAN > LAN, so I gave it a try going the other way, and I managed to lock down everything, but I couldn't get it to open up to the three websites I needed.



#4 chrisd87

Posted 30 April 2013 - 07:53 AM

Could you do a one-to-one NAT policy and then use the FQDN as the address object? Or maybe try setting the rule to be reflexive?


Edited by chrisd87, 30 April 2013 - 07:55 AM.



#5 hispaladin (Topic Starter)

Posted 30 April 2013 - 08:06 AM

WooHoo! Got it to work. I had to change both the allow and deny rules to point to HTTP and HTTPS services. Before, I just had the allow rule looking at HTTP and HTTPS and the deny rule looking at any, which locked down all websites. When I changed them both to look at web services, it locked up sites like Google and such but still allowed access to our company website and our support website. Not sure on the NAT policy, as I really don't know much about them. It sounds like it would work; I just have never worked with those policies. Considering I got it to work, I think I will stick with firewall rules unless there is a security reason to use NAT policies.
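Added example, not from the thread or from SonicWall: a small first-match rule evaluator that models the LAN > WAN rule sets described above (the deny-any attempt from post #1 and the HTTP/HTTPS-only pair that worked in post #5), plus a tighter variant. The site names, the resolver name, and the assumption that the client's DNS lookups also cross the WAN are constructed here, not taken from the thread.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple

Service = Tuple[str, int]
# Constructed sample values; the thread does not name the three sites or the resolver.
ALLOWED_SITES = frozenset({"www.example-company.test", "support.example-company.test"})
RESOLVER = "resolver.isp.test"
WEB = frozenset({("tcp", 80), ("tcp", 443)})   # HTTP + HTTPS service group
DNS = frozenset({("udp", 53), ("tcp", 53)})


@dataclass(frozen=True)
class Rule:
    action: str                              # "allow" or "deny"
    dst: Optional[FrozenSet[str]]            # None = any destination
    services: Optional[FrozenSet[Service]]   # None = any service


def evaluate(rules: List[Rule], dst: str, svc: Service) -> str:
    """First matching rule wins. Unmatched traffic is allowed, mirroring the
    factory-default LAN > WAN 'allow any' rule on a SonicWall."""
    for r in rules:
        if r.dst is not None and dst not in r.dst:
            continue
        if r.services is not None and svc not in r.services:
            continue
        return r.action
    return "allow"


# Post #1: allow web to the three FQDNs, then deny any.
FIRST_ATTEMPT = [Rule("allow", ALLOWED_SITES, WEB), Rule("deny", None, None)]
# Post #5: both rules limited to HTTP/HTTPS (the configuration that worked).
WORKING = [Rule("allow", ALLOWED_SITES, WEB), Rule("deny", None, WEB)]
# Tighter variant (added here): explicitly permit DNS to the resolver, then deny any.
TIGHT = [Rule("allow", ALLOWED_SITES, WEB),
         Rule("allow", frozenset({RESOLVER}), DNS),
         Rule("deny", None, None)]


def browse(rules: List[Rule], site: str) -> str:
    """Model a browser visit: resolve the name first, then connect over HTTPS.
    Assumption (not stated in the thread): the client's resolver sits beyond the
    WAN, so a deny-any rule also swallows the DNS lookup and no site loads at all."""
    if evaluate(rules, RESOLVER, ("udp", 53)) != "allow":
        return "dns blocked"
    return evaluate(rules, site, ("tcp", 443))
```

The caveat a practitioner would check: with the deny rule limited to HTTP/HTTPS, `evaluate(WORKING, "www.google.com", ("tcp", 22))` still returns "allow", so every non-web outbound service from that host stays open; the TIGHT set closes that while still letting name resolution through.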



#6 chrisd87

Posted 30 April 2013 - 08:13 AM

That's awesome, glad you got it working.

