We help IT Professionals succeed at work.

Isolating a PC to get facebook while denying all others thru WatchGuard Webblocker 11.

ECHO50
ECHO50 asked
on
4,008 Views
Last Modified: 2013-11-16
I am trying to isolate one PC thru my WatchGuard webblocker to get facebook while denying all other the same access.  So far I have given this PC a static IP, but am not clear what to do after.
Comment
Watch Question

CERTIFIED EXPERT

Commented:
Follow the steps in this Watchguard Link:

http://www.watchguard.com/help/docs/fireware/10/en-US/index_Left.html#CSHID=en-US%2Fservices%2Fwebblocker%2Fwebblocker_outbound_auth_user_groups_f.html|StartTopic=Content%2Fen-US%2Fservices%2Fwebblocker%2Fwebblocker_outbound_auth_user_groups_f.html|SkinName=Fireware (en-US)

The example is an educational setting, but the idea and layout is the same. Make sure to follow each step, including the deny message near the end.
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Author

Commented:
Version 11.3.2
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Author

Commented:
No, they have not.  I followed instructions to the letter.  I created a new policy and a new HTTP-Proxy, which I named HTTP-ProxyFrontDesk.  Used the new policy, Put in exceptions for facebook, put IP address in FROM and left to as Any External, but it is still looking at the original policy.

I am apparently missing something else.
Thanks
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Author

Commented:
Still getting the same message which is ....
Request denied by WatchGuard HTTP proxy.
Reason: one or more categories denied helper='WebBlocker.2' details='local-exception(Sorry_No_More_Facebook)'
--------------------------------------------------------------------------------
Method: GET
Host: www.facebook.com 
Path: /

WebBlocker.2 is my original Proxy Action.  I created another proxy action just for the front desk, which is named WebBlocker.3 - FrontDesk, which is what I would like to use only for the front desk.

------------------------------------------------
This is from the traffic monitor and the only thing that I see relating to this front desk PC.  I cleared the traffic and launched facebook.

2010-11-12 05:55:32 Deny 64.52.230.65 224.0.0.1 igmp   0-External Firebox Denied 28 1 (Unhandled External Packet-00)  proc_id="firewall" rc="101"       Traffic

2010-11-12 05:55:32 Allow 192.168.1.200 173.194.34.100 http/tcp 4709 80 1-Trusted 0-External ProxyStrip: HTTP Header match   (HTTP-proxy-00) HTTP-Client.2 proc_id="http-proxy" rc="592" proxy_act="HTTP-Client.2" rule_name="Default" header="X-XSS-Protection: 1; mode=block\x0d\x0a" msg_id="262171"       Traffic

2010-11-12 05:55:36 Allow 192.168.1.200 173.194.34.100 http/tcp 4709 80 1-Trusted 0-External ProxyStrip: HTTP Header match   (HTTP-proxy-00) HTTP-Client.2 proc_id="http-proxy" rc="592" proxy_act="HTTP-Client.2" rule_name="Default" header="X-XSS-Protection: 1; mode=block\x0d\x0a" msg_id="262171"       Traffic

2010-11-12 05:55:36 Allow 192.168.1.200 173.194.34.104 http/tcp 4711 80 1-Trusted 0-External ProxyStrip: HTTP Header match   (HTTP-proxy-00) HTTP-Client.2 proc_id="http-proxy" rc="592" proxy_act="HTTP-Client.2" rule_name="Default" header="X-XSS-Protection: 1; mode=block\x0d\x0a" msg_id="262171"       Traffic

2010-11-12 05:55:37 Allow 192.168.1.200 69.63.181.12 http/tcp 4712 80 1-Trusted 0-External ProxyAllow: HTTP Request categories   (HTTP-proxy-00) HTTP-Client.2 proc_id="http-proxy" rc="590" proxy_act="HTTP-Client.2" cats="Personals & Dating" op="GET" dstname="facebook.com" arg="/" msg_id="262177"       Traffic

2010-11-12 05:55:37 Allow 192.168.1.200 69.63.181.12 http/tcp 4712 80 1-Trusted 0-External ProxyStrip: HTTP Header match   (HTTP-proxy-00) HTTP-Client.2 proc_id="http-proxy" rc="592" proxy_act="HTTP-Client.2" rule_name="Default" header="X-Cnection: close\x0d\x0a" msg_id="262171"       Traffic


I hope this is helpful!!!  Thanks again
HA :) I think I see the problem.  

In step 3b, change the *.facebook.com/* to *facebook.com/*.    Remove the first dot.

~Jon

Author

Commented:
Didn't work with removing the "."  This is what I recently copied from traffic monitor

2010-11-12 06:54:55 Deny 192.168.1.200 66.151.151.149 http/tcp 1121 80 1-Trusted 0-External ProxyDeny: HTTP Request categories   (HTTP-proxy-00) HTTP-Client.2 proc_id="http-proxy" rc="594" proxy_act="HTTP-Client.2" cats="Games" op="GET" dstname="www.zynga.com" arg="/" msg_id="262177"       Traffic
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Author

Commented:
Jon, thanks for your help.  Your answer was a part of the solution.  The other part I got from the Users manual.  After setting up a new http proxy for the reception desk, the IP address for the reception PC had to be placed in FROM in Outgoing to make it work.

Thanks for all your help.  It has been resolved.
Yep :)  I think you may have missed step #6 "Add the static IP in the FROM box of the policy.  Leave the TO as any-external."

Glad you got it working.  

Thanks
Jon
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.