block ip address with sonicwall pro 2040 enhanced

We need to block particular websites from users.
I need to setup rules on our 2040pro with enhanced OS to block them.

I have been reading the manual and it is all a bit confusing. Could someone(s) show me the light?

Let's use an example. Say I want to block
How would I set up the rules for that?

Who is Participating?
dpk_walConnect With a Mentor Commented:
The zone depends on the place where the address resides, continuing from my last post, if we want to create address on step 6, we would select WAN [there is a correction, I should have written "Destination list" there instead of "Source list"].

drop down type would be host, as you would add individual IP address(es) of the server(s). If you wish to add host range [continuous IPs] or IP subnet then the drop down options change accordingly.

Thank you.
This can be done in two ways:
1. Create specific policies which deny access to specific website from the internal network. and/PR
2. Use Security Services -> Content Filter to Restrict web features. HEre you add Forbidden domains. Also, you have options to disable all web traffic except for Allowed Domains.

For option 2 to work, the traffic must be strictly web traffic, if it is any traffic other than web traffic, for eg, P2P, messenger, etc, then option 2 would not work. It works for HTTPS traffic but only IP based rather than URL based.

Option 1 would always work irrespective of the port/protocol used to access the website(s) in question; however, you would need to provide an extensive list of public IP address for the websites and include all possible IPs when configuring the policy.
And, if a website is heavily mirrored, example, you would need to keep updating  the policy with all the modifications as and when there are modifications to the mirror addresses [making the task cumbersome and very tough].

Please let know if you need more details.

Thank you.
05fdmlAuthor Commented:
We need to go with option number 1.
Users have found a way around the content filter - using the ip address of the site. Since we now need to enter the ip address in as well as the website name, it is best if we learn to use the rules, etc. to block certain sites

Also, we don't want to advertise that were are blocking (as with the content filter), we just want them to think they can't get there.

We are using sonicwall pro 2040 with enhanced os version 4.

any further info would be helpful

We Need Your Input!

WatchGuard is currently running a beta program for our new macOS Host Sensor for our Threat Detection and Response service. We're looking for more macOS users to help provide insight and feedback to help us make the product even better. Please sign up for our beta program today!

05fdmlAuthor Commented:
For instance:

We want the LAN users to not be able to access WAN IP

Go to Firewall->Access rules,
1. Click Add at the bottom of the Access Rules table.
2. In the General tab, select Deny from the Action list.
3. Select "LAN" in from and "WAN" in to zones.
4. Select HTTP from the Service list [or a pre-created custom service if the case be].
5. Leave source as ANY.
6. Select [destination] from the Source list. If not already added, select Create New Network and then add under Add Address Object.
7. Leave rest fields to default and click OK.

Thank you.
05fdmlAuthor Commented:
in the add address object there is a tab zone assignmnet.

IT defaults to "Lan". SHould it be changed to "WAN"?

in the type drop down, should it be left as "host"?

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.