Allow all web traffic for specific IP with Watchguard X550e

jmtoman
jmtoman used Ask the Experts™
on
Hi experts,

I recently implemented a Watchguard X550e with the spamblocker feature enabled, it is doing a great job of blocking but I'm looking for a way i can completely unblock the web for specified static IPs.  I'm using version 10.2 of the system manager.

Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
When you say web, are you just referring to ports 80 (HTTP) and 443 (HTTPS), or anything at all on the Internet?

For normal web surfing, the simplest implementation would be to add an HTTP and HTTPS packet policy. You would specify the internal IP in the From section and leave Any-External in the To section.

If you want to allow access to anything on the Internet, then you can add an Any packet policy using the same From and To information.
Top Expert 2007
Commented:
As the machine(s) in question has static IP, it is easy, add one more HTTP proxy [or non proxy service as you wish] in addition to the existing service, configure as below:
Enabled And allowed; from specific-internal-ip; to any

Please note if you are using HTTP proxy for aboe then ensure that either webblocker is turned off or the affected categories are allowed.

Please implement and update.

Thank you.
if you want to allow access from a particular IP then just add an exception to the webblocker.
Go to the Policy Manager, then Setup, then Actions, then Webblocker, edit you config and add a exception.
Top Expert 2007

Commented:
Hi Elwin3, do not want to lighten your efforts but looks like your knowledge of webblocker is limited.

Webblocker exceptions are not for allowing access to internet from an internal machine; it is for bypassing webblocker action [allow/deny] for a specific site.

Thank you.
Sorry my mistake, I was under the impression that it worked that way on the newer version of webblocker, but just tested it and you are right.

so as dpk_wal suggests a filtered http service or another http proxy service will work.

thanks for pointing that out, everyday is a school day :)


Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial