SONICWALL NSA 4500 exclusion list

Hello i have a little issue, the director has requested that he has access to facebook while the whole company is blocked, if i add him to the cfs exclusion list i am allowing him accesss to everything and that potentially can be dangerous. Is there a way to allow him access to just facebook? on this firewall? thanks
Anda09Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

nasirshCommented:
You can just allow him to the IP address of facebook. Use nslookup to check the IP address and go ahead.
0
Anda09Author Commented:
Where does the IP address go? firewall? or how? didnt really understood where do i put the IP address of facebook?
0
nasirshCommented:
On the Firewall > Access Rules page. In the Add Rule page in the General tab, select Allow | Deny | Discard from the Action list to permit or block IP traffic. From here you can select the source and the destination and allow your director's IP to access the IP of Facebook
0
Managing Security & Risk at the Speed of Business

Gartner Research VP, Neil McDonald & AlgoSec CTO, Prof. Avishai Wool, discuss the business-driven approach to automated security policy management, its benefits and how to align security policy management with business processes to address today's security challenges.

digitapCommented:
adding to nasirsh's comment, you can create an address object that is the diretor's mac address.  this way you don't have to worry about static IPs etc.
0
Anda09Author Commented:
Well dont really understand all the rules and which to pick and which options to choose, anyone can guide me through or maybe there is a tutorial online that you know off? would be great... Thanks guys
0
nasirshCommented:
0
digitapCommented:
go to Firewall > Access Rules.  It should default to the Matrix view.  If not, that's the easiest way to filter out ONLY what you want.  In Matrix view, you'll see zones accross the top and left hand side.  Click the corresponding LAN > WAN intersection.  LAN being the left and WAN being the top of the matrix.  If you've run the public server wizard or manually created a rule, then you'll see it here.  If not, then you'll need to add a new rule.  You'll need to create an address object representing the facebook IP addresses.  You might have to create multiple address objects and an address group.  The source would be an address object representing the mac address of the user.  You can leave service any and specify the interface of the WAN, X1.  When you create the rule, you'll get the chance to create an address object.  The add wizard will not let you create multiple object and address group.  You have to got to Network > Address Object to do that.  Then, you can create the firewall rule.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
digitapCommented:
thanks for the points!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Hardware Firewalls

From novice to tech pro — start learning today.