Block IP address with SonicWall Pro 2040 Enhanced

We need to block particular websites from users.
I need to set up rules on our 2040pro with enhanced OS to block them.

I have been reading the manual and it is all a bit confusing. Could someone(s) show me the light?

Let's use an example. Say I want to block youtube.com
How would I set up the rules for that?

Thanks
05fdml Asked:

dpk_wal Commented:
This can be done in two ways:
1. Create specific policies which deny access to a specific website from the internal network; and/or
2. Use Security Services -> Content Filter to restrict web features. Here you add Forbidden domains. Also, you have options to disable all web traffic except for Allowed Domains.

For option 2 to work, the traffic must be strictly web traffic; if it is any traffic other than web traffic, e.g. P2P, messenger, etc., then option 2 would not work. It works for HTTPS traffic, but only IP based rather than URL based.

Option 1 would always work irrespective of the port/protocol used to access the website(s) in question; however, you would need to provide an extensive list of public IP addresses for the websites and include all possible IPs when configuring the policy.
And, if a website is heavily mirrored, for example www.yahoo.com, you would need to keep updating the policy with all the modifications as and when there are modifications to the mirror addresses [making the task cumbersome and very tough].

Please let me know if you need more details.

Thank you.
0
05fdml Author Commented:
We need to go with option number 1.
Users have found a way around the content filter: using the IP address of the site. Since we now need to enter the IP address as well as the website name, it is best if we learn to use the rules, etc. to block certain sites.

Also, we don't want to advertise that we are blocking (as with the content filter); we just want them to think they can't get there.

We are using SonicWall Pro 2040 with Enhanced OS version 4.

Any further info would be helpful.

Thanks
0
05fdml Author Commented:
For instance:

We want the LAN users to not be able to access WAN IP 198.68.70.12

0

dpk_wal Commented:
Go to Firewall -> Access Rules:
1. Click Add at the bottom of the Access Rules table.
2. In the General tab, select Deny from the Action list.
3. Select "LAN" in the From zone and "WAN" in the To zone.
4. Select HTTP from the Service list [or a pre-created custom service if the case be].
5. Leave source as ANY.
6. Select 198.68.70.12 [destination] from the Source list. If not already added, select Create New Network and then add under Add Address Object.
7. Leave the rest of the fields at default and click OK.

Thank you.
0
05fdml Author Commented:
In the Add Address Object dialog there is a tab "Zone Assignment".

It defaults to "LAN". Should it be changed to "WAN"?

In the type drop down, should it be left as "Host"?


Thanks!
0
dpk_wal Commented:
The zone depends on the place where the address resides. Continuing from my last post, if we want to create the address in step 6, we would select WAN [there is a correction, I should have written "Destination list" there instead of "Source list"].

The drop down type would be Host, as you would add individual IP address(es) of the server(s). If you wish to add a host range [continuous IPs] or an IP subnet, then the drop down options change accordingly.

Thank you.
0
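
Option 1 only holds up if the rule's address objects keep pace with the IPs a site actually resolves to. The following Python sketch is an added example, not part of the thread and not SonicWall tooling: it diffs the IPs already in the deny rule against a fresh lookup and groups the new ones into Host or Range entries for the WAN zone. The function names and the 203.0.113.x sample addresses are constructed for illustration.

```python
import ipaddress
import socket


def resolve_ipv4(hostname):
    """Return the sorted IPv4 addresses DNS currently gives for hostname."""
    infos = socket.getaddrinfo(hostname, 80, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos}, key=ipaddress.IPv4Address)


def to_address_objects(ips, zone="WAN"):
    """Collapse IPs into (type, zone, value) entries: Host for a single
    address, Range for a run of consecutive addresses."""
    addrs = sorted({ipaddress.IPv4Address(ip) for ip in ips})
    objects, i = [], 0
    while i < len(addrs):
        j = i
        while j + 1 < len(addrs) and int(addrs[j + 1]) == int(addrs[j]) + 1:
            j += 1
        if i == j:
            objects.append(("Host", zone, str(addrs[i])))
        else:
            objects.append(("Range", zone, f"{addrs[i]}-{addrs[j]}"))
        i = j + 1
    return objects


def diff_blocklist(configured, resolved):
    """Compare IPs already in the deny rule with the IPs resolved now."""
    configured, resolved = set(configured), set(resolved)
    key = ipaddress.IPv4Address
    return {
        "add": sorted(resolved - configured, key=key),
        # A single lookup may return only part of a mirror pool, so treat
        # these as candidates for review, not automatic removal.
        "stale": sorted(configured - resolved, key=key),
    }


# Constructed sample data standing in for a mirrored site; in practice
# RESOLVED would come from resolve_ipv4("<site to block>").
CONFIGURED = ["198.68.70.12", "203.0.113.10"]
RESOLVED = ["198.68.70.12", "203.0.113.20", "203.0.113.21", "203.0.113.22"]

if __name__ == "__main__":
    changes = diff_blocklist(CONFIGURED, RESOLVED)
    print("add to rule:", to_address_objects(changes["add"]))
    print("no longer resolved (review first):", changes["stale"])
```

Running it on a schedule and from more than one resolver gives a fuller picture of a mirrored site's address pool than a single lookup.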
