

Blocking outgoing internet for one PC on Firebox 1000

Posted on 2007-10-17
Medium Priority
Last Modified: 2013-11-16
I need to block the internet for 1 PC on the network while all others have full access. I am currently running version 7.4. How would I go about setting this up?
Question by:knada242
LVL 12

Expert Comment

ID: 20096076
Are you running WFS or Fireware Pro?

I run Fireware Pro, and I believe you just create a new policy (HTTP) and set it to deny. Then add the IP address of the victim, or host name. Of course, if you go with the IP address you'd have to make sure to set a static IP address on the victim's computer, or make sure that DHCP always gives that address, and make sure the user can't change the IP address.

Unfortunately I think you're using WFS and I haven't used that in a while, but the theory should be the same.

I hope this helps
LVL 12

Accepted Solution

NetAdmin2436 earned 1500 total points
ID: 20096119
If you haven't tried them before, I have often found the WatchGuard forums to be quite good.

WatchGuards are somewhat of a specific product, and they have tech support people answering questions in there.

Author Comment

ID: 20096900
I am running WFS. I tried to set up an HTTP policy set to ignore ports 80 and 443, then set enabled and denied for the from outgoing IP. Unfortunately the host was still able to communicate with the web. A static IP has been set on the host. I will also post this on their forum.

LVL 12

Expert Comment

ID: 20096935
Oh, how do you have the policies ordered (from top to bottom)? The rules on top get processed first; the ones at the bottom get processed last. So, make sure you put the new rule for your user near the top, or at least ahead of your normal HTTP policy, so it gets processed before your normal HTTP rule.
LVL 32

Expert Comment

ID: 20102485
As you have a static IP and have configured the HTTP service as:
Outgoing "Enabled and Denied"; from: private IP of machine; to: Any

This would block all outbound HTTP traffic from that host. Enable logging on the service for both denied and allowed inbound/outbound traffic so you see logs in the traffic monitor. Also, enable logging on all HTTP services you have and on the Outgoing service to see if the traffic is escaping out of any other service.

Please update on the version of WSM/WFS that you have.

Please check and update.

Thank you.
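The two checks raised in the comments above (where the deny rule sits relative to the normal HTTP rule, and whether the host's traffic leaves through a service other than HTTP) can be reasoned about with a simplified first-match model. This is an added example, not part of the original thread and not WatchGuard's policy engine; the rule names, addresses and probe ports are constructed.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    action: str          # "allow" or "deny"
    src: str             # CIDR of source hosts
    ports: frozenset     # destination TCP ports; empty set = any port

def evaluate(rules, src_ip, dport):
    """Return (action, rule name) of the first rule that matches, top to bottom."""
    ip = ipaddress.ip_address(src_ip)
    for r in rules:
        if ip in ipaddress.ip_network(r.src) and (not r.ports or dport in r.ports):
            return r.action, r.name
    return "deny", "default"   # nothing matched: implicit deny

def audit(rules, src_ip, probe_ports):
    """Map each probed port that still leaves the network to the rule allowing it."""
    out = {}
    for p in probe_ports:
        action, name = evaluate(rules, src_ip, p)
        if action == "allow":
            out[p] = name
    return out

# Constructed values: 10.0.1.50 is the PC to block, 10.0.1.0/24 the trusted LAN.
HOST = "10.0.1.50"
WEB = frozenset({80, 443})
block_http = Rule("HTTP-deny-host", "deny", HOST + "/32", WEB)
allow_http = Rule("HTTP", "allow", "10.0.1.0/24", WEB)
allow_out = Rule("Outgoing", "allow", "10.0.1.0/24", frozenset())
block_all = Rule("Any-deny-host", "deny", HOST + "/32", frozenset())

PROBES = [80, 443, 8080, 3128]   # web ports plus two other ports the host might use

if __name__ == "__main__":
    cases = {
        "deny below allow": [allow_http, block_http, allow_out],
        "deny on top": [block_http, allow_http, allow_out],
        "deny all ports on top": [block_all, allow_http, allow_out],
    }
    for label, rules in cases.items():
        print(f"{label:24} still allowed: {audit(rules, HOST, PROBES)}")
        print(f"{'':24} other LAN host port 80: {evaluate(rules, '10.0.1.77', 80)}")
```

In this model an HTTP-only deny placed first still leaves the host covered by the broader outgoing rule on other ports, which is what the per-service logging suggested above would reveal.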
LVL 12

Expert Comment

ID: 20144848
I'm glad you were able to get an answer, whether on EE or the WatchGuard forum. Thanks for closing this question and awarding points.



Question has a verified solution.
