Solved

Block HTTPS Site with WatchGuard Firebox

Posted on 2007-10-24
Last Modified: 2013-11-16
Hey WatchGuard Experts,

I'm using a WatchGuard X500 and I need some assistance blocking a site. I'm trying to block https://vtunnel.com. Since this is "https", WebBlocker isn't going to block it; is that correct? I have also tried setting up some policies in the Policy Manager to block it, but no luck yet. The most recent thing that I have tried was to create a custom policy that denies access to a range of IPs using TCP port 443. I've done a couple of lookups on vtunnel and I get something different every time. I did a range like this: 67.159.45.1 -> 67.159.45.254.

Nothing I've done so far has blocked it.  I know there are some WatchGuard experts out here, so any help would be appreciated.  
Question by:admintj06
Accepted Solution by hstiles (LVL 13, earned 200 total points), ID: 20144919
This appears to be the range of addresses used, based on a quick online DNS check

vtunnel.com. A 67.159.45.99 [TTL=1440] [US]
vtunnel.com. A 67.159.45.100 [TTL=1440] [US]
vtunnel.com. A 67.159.45.233 [TTL=1440] [US]
vtunnel.com. A 67.159.45.89 [TTL=1440] [US]
vtunnel.com. A 67.159.45.90 [TTL=1440] [US]
vtunnel.com. A 67.159.45.91 [TTL=1440] [US]
vtunnel.com. A 67.159.45.92 [TTL=1440] [US]
vtunnel.com. A 67.159.45.96 [TTL=1440] [US]

Are you using WFS or Fireware on your X500? One problem I can envisage is that if the Outgoing HTTPS rule takes precedence, your deny rule will have no effect. If I remember correctly, the behaviour of the firewall is to grant as much access as possible rather than the opposite. If you are using Fireware, you can use manual order mode to position the deny rule higher than the outgoing HTTPS rule, so your global deny list takes precedence.

i.e.

4 HTTPS Outbound Restricted from Trusted to alias Restricted Sites
5 HTTPS Outbound Granted from Trusted to External
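The ordering problem in the accepted solution, as an added example that is not part of the original thread and not WatchGuard code: a minimal first-match policy evaluator, modelling Fireware's manual order mode (policies are tried top-down and the first match decides). The "Restricted Sites" alias is built from the A records quoted above; the LAN range, client address and the unrelated HTTPS host are assumptions for illustration. It also covers dpk_wal's suggestion below of a deny policy on Any service (all ports) for the case where the site does not stay on 443.

```python
"""Added example, not from the original thread or from WatchGuard.
First-match policy evaluation: the same two policies give different
results depending only on their order in the list."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Policy:
    name: str
    action: str                 # "allow" or "deny"
    from_nets: tuple            # source networks this policy applies to
    to_nets: tuple              # destination networks (an alias)
    ports: Optional[frozenset]  # TCP ports; None means Any service (all ports)

    def matches(self, src, dst, port):
        return ((self.ports is None or port in self.ports)
                and any(src in n for n in self.from_nets)
                and any(dst in n for n in self.to_nets))


def evaluate(policies, src, dst, port, default="deny"):
    """Manual-order semantics: walk the list top-down, first match wins.
    Anything no policy matches falls through to the default deny."""
    for p in policies:
        if p.matches(src, dst, port):
            return p.action, p.name
    return default, "<default>"


TRUSTED = (ip_network("192.168.1.0/24"),)    # assumed LAN behind the Firebox
EXTERNAL = (ip_network("0.0.0.0/0"),)
# Alias covering the A records quoted in the accepted solution; the /24 is
# the range the poster tried (67.159.45.1-254).
RESTRICTED = (ip_network("67.159.45.0/24"),)

deny_https = Policy("HTTPS Outbound Restricted", "deny",
                    TRUSTED, RESTRICTED, frozenset({443}))
allow_https = Policy("HTTPS Outbound Granted", "allow",
                     TRUSTED, EXTERNAL, frozenset({443}))
# dpk_wal's variant: deny the alias on Any service, not just port 443.
deny_any = Policy("Any Outbound Restricted", "deny",
                  TRUSTED, RESTRICTED, None)

WRONG_ORDER = [allow_https, deny_https]   # broad allow first: deny never reached
RIGHT_ORDER = [deny_https, allow_https]   # specific deny above the general allow
ANY_ORDER = [deny_any, allow_https]       # deny on all ports, then the allow

CLIENT = ip_address("192.168.1.50")       # assumed LAN client


def decide(order, dst, port=443):
    """Action taken for CLIENT connecting to dst:port under a given order."""
    return evaluate(order, CLIENT, ip_address(dst), port)[0]


def check(order):
    """(result for a quoted vtunnel address, result for an unrelated host)."""
    return (decide(order, "67.159.45.99"),      # one of the quoted A records
            decide(order, "93.184.216.34"))     # assumed unrelated HTTPS host


if __name__ == "__main__":
    print("allow above deny:", check(WRONG_ORDER))   # ('allow', 'allow')
    print("deny above allow:", check(RIGHT_ORDER))   # ('deny', 'allow')
    print("deny Any, 8443  :", decide(ANY_ORDER, "67.159.45.99", 8443))  # deny
```

Two caveats a practitioner would add. First, the deny only fires while the site stays inside the alias: the quoted answers are a set of A records with a 1440-second TTL, so an address-based block goes stale as DNS answers change and the alias needs re-resolving and refreshing. Second, with the deny matched on port 443 only, a connection on a non-standard port falls through to whatever policy comes next, which is why the Any-service variant is worth trying once a capture shows the ports actually in use.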
 
Expert Comment by dpk_wal (LVL 32), ID: 20144946
You are right, WebBlocker would not block HTTPS traffic because it resides on the HTTP proxy; unfortunately the only solution which works is to create an HTTPS policy and configure it for denying traffic as:
Outgoing Connections are enabled and denied; from ANY; to public-ip-of-site

which you have already tried.

I would suggest you run Wireshark when establishing a connection to the site and check the ports used; if the ports used are random (non-standard) then you can try adding an ANY service as below and check if this makes any difference:
Outgoing connections are enabled and denied; from Trusted; to public-ip-site

Other than this I am not sure of any solution which works.

Thank you.
Author Comment by admintj06, ID: 20229144
I am running Fireware v 8.3 build 14051.  Haven't tried to manually reorder the rules yet, but I plan to try this soon.
Expert Comment by dpk_wal (LVL 32), ID: 20231108
Please implement and let me know.

Thank you.
Author Comment by admintj06, ID: 20276874
Reordering the rules did it.  Thank you both for your input.