Blocking outgoing internet for one PC on Firebox 1000

Posted on 2007-10-17
Last Modified: 2013-11-16
I need to block the internet for 1 PC on the network while all others have full access. I am currently running version 7.4. How would I go about setting this up?
Question by:knada242
    LVL 12

    Expert Comment

    Are you running WFS or Fireware Pro?

    I run Fireware Pro, and I believe you just create a new policy (HTTP) and set it to deny. Then add the IP address of the victim, or host name. Of course, if you go with the IP address you'd have to make sure to set a static IP address on the victim's computer, or make sure that DHCP always gives that address, and make sure the user can't change the IP address.

    Unfortunately I think you're using WFS and I haven't used that in a while, but the theory should be the same.

    I hope this helps
    LVL 12

    Accepted Solution

    If you haven't tried them before, I have often found the WatchGuard forums to be quite good.

    WatchGuards are somewhat of a specific product and they have tech support people answering questions in there.
    LVL 1

    Author Comment

    I am running WFS. I tried to set up an HTTP policy set to ignore port 80 and 443, then set enabled and denied for the from outgoing IP. Unfortunately the host was still able to communicate with the web. A static IP has been set on the host. I will also post this on their forum as well.
    LVL 12

    Expert Comment

    Oh, how do you have the policies ordered (from top to bottom)? The rules on top get processed first; the ones at the bottom get processed last. So, make sure you put the new rule for your user near the top, or at least ahead of your normal HTTP policy, so it gets processed before your normal HTTP rule.
    LVL 32

    Expert Comment

    As you have static IP and have configured HTTP Service as:
    Outgoing "Enabled and Denied"; from: private IP of machine; to: Any

    This would block all outbound HTTP traffic from that host. Enable logging on the service for both denied and allowed inbound/outbound traffic so you see logs in the traffic monitor. Also, enable logging on all HTTP services you have and outgoing service to see if the traffic is escaping out of any other service.

    Please update on the version of WSM/WFS that you have.

    Please check and update.

    Thank you.
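
An added example (not part of the thread and not WatchGuard code): a simplified first-match model of the ordering point and of the "escaping out of any other service" check discussed above. Rule names, the host address 192.168.1.50 and the probed ports are constructed assumptions, and top-to-bottom first-match evaluation is assumed as described in the ordering comment.

```python
import ipaddress

HOST = "192.168.1.50"  # constructed static IP of the PC to block (assumption)

def rule(name, action, src, ports):
    return {"name": name, "action": action, "src": src, "ports": ports}

def matches(r, src, port):
    src_ok = r["src"] == "any" or (
        ipaddress.ip_address(src) in ipaddress.ip_network(r["src"]))
    port_ok = r["ports"] == "any" or port in r["ports"]
    return src_ok and port_ok

def decide(rules, src, port):
    """First matching rule wins (assumed model); nothing matched means deny."""
    for r in rules:
        if matches(r, src, port):
            return r["action"], r["name"]
    return "deny", "default"

def escapes(rules, src, ports=(80, 443, 8080)):
    """Map each probed port that still passes to the rule that lets it out."""
    out = {}
    for port in ports:
        action, name = decide(rules, src, port)
        if action == "allow":
            out[port] = name
    return out

# Constructed rule sets. "Outgoing" stands for a catch-all outbound service.
ALLOW_HTTP = rule("HTTP", "allow", "any", {80})
ALLOW_OUT = rule("Outgoing", "allow", "any", "any")
DENY_HOST_HTTP = rule("Deny-Host-HTTP", "deny", HOST, {80})
DENY_HOST_ALL = rule("Deny-Host-All", "deny", HOST, "any")

# 1. Deny rule placed below the general allows: it is never reached.
MISORDERED = [ALLOW_HTTP, ALLOW_OUT, DENY_HOST_HTTP]
# 2. Deny rule first, but HTTP only: other ports leave via "Outgoing".
HTTP_ONLY = [DENY_HOST_HTTP, ALLOW_HTTP, ALLOW_OUT]
# 3. Deny rule first and covering every port from the host.
FULL_BLOCK = [DENY_HOST_ALL, ALLOW_HTTP, ALLOW_OUT]

if __name__ == "__main__":
    for label, rs in (("misordered", MISORDERED), ("http-only", HTTP_ONLY),
                      ("full-block", FULL_BLOCK)):
        print(label, escapes(rs, HOST))
```

The rule named in each result is the one to enable logging on when confirming in the traffic monitor which service still carries the host's traffic.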
    LVL 12

    Expert Comment

    I'm glad you were able to get an answer, whether on EE or the WatchGuard forum. Thanks for closing this question and awarding points.

