FireBox III 700 - Seting up a Whitelist/BlackList not with WebBlocker App.

Posted on 2004-04-14
Last Modified: 2008-02-01

I have just purchased a firebox 700, which i am currently using as my gateway.  I want to be able to make a list of all websites that our users goto and then eventually block all the websites except company related ones.   Can anyone help or throw me to a good walkthrough.  The manual is not cutting it...

Question by:emilbus20
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
LVL 23

Expert Comment

by:Tim Holman
ID: 10823171
I would seriously consider investment in a product such as SurfControl or Websense.  Whitelisting sites is going to be a huge administrative task !
Also consider something like Microsoft ISA on the inside to act as a proxy server for all your clients ?
Weigh up the cost of such a solution, say $7500 for 100 users over three years, to the cost of trying to do everything yourself (2-3 days to setup, 10mins - 30mins a day administrating)....   ;)
LVL 23

Expert Comment

by:Tim Holman
ID: 10823192
PS - another way to set this up would be with an internal DNS server.  Just blackhole (ie send to all requests to unwanted URLs.

Author Comment

ID: 10823247
Dude, i thought about that, but the owner wants it all controlled in house with the web blocking.  If he wants to pay me to set it up then more power to him...
Business Impact of IT Communications

What are the business impacts of how well businesses communicate during an IT incident? Targeting, speed, and transparency all matter. Find out more in this infographic.

LVL 23

Expert Comment

by:Tim Holman
ID: 10849216
I'm trying to take a look at the Watchguard support site, to see how you can import blacklists, but I don't have a user account, and the manual's too big for me to download over dial-up...  :(
I am thinking something along the lines of creating a rule than denies access to a list of DNS names / IP addresses.  For this you would need to configure Watchguard as a DNS client to an up to date DNS server on the net somewhere (eg your ISP's).
Does the policy editor allow you to create a group of dodgy IPs that you can deny access to ??


Author Comment

ID: 10928403
I am not sure, i am new at the watchguard game...

Does anyone have experience with setting one of these up in this aspect?


Accepted Solution

chickenbone earned 500 total points
ID: 11001788
Watchguard has their Webblocker service. But why don't you just make a list of the sites you want to allow your users access to and then edit your HTTP proxy or filter (which ever your using) to only allow them access to those site. Thereby blocking all port 80 access to the rest?

For example:

Outgoing: Enabled and allowed
From: ANY
To: <your list of sites>

Incoming would be setup how ever you have it now.


Author Comment

ID: 11058360
I figured it out myself.
First I made a normal HTTP Pollicy, blocking access to all websites except the ones that i defined, for EVERYONE.
Then I made a group, adding all the IP addys that I wanted to have full access...
Then I Made a second HTTP Policy giving all of the members of the group access to all websites.

It worked!


Featured Post

Will You Be GDPR Compliant by 5/28/2018?

GDPR? That's a regulation for the European Union. But, if you collect data from customers or employees within the EU, then you need to know about GDPR and make sure your organization is compliant by May 2018. Check out our preparation checklist to make sure you're on track today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Sonicwall Email los and Alerts 1 69
firewall inside of network 9 87
Need assistance with Windows Firewall rules 6 121
Windows ADHow to restrict port 6881 bit Torrent 3 44
Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

710 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question