Link to home
Create AccountLog in
Avatar of ECHO50
ECHO50

asked on

Isolating a PC to get facebook while denying all others thru WatchGuard Webblocker 11.

I am trying to isolate one PC thru my WatchGuard webblocker to get facebook while denying all other the same access.  So far I have given this PC a static IP, but am not clear what to do after.
Avatar of Brian
Brian
Flag of United States of America image

Follow the steps in this Watchguard Link:

http://www.watchguard.com/help/docs/fireware/10/en-US/index_Left.html#CSHID=en-US%2Fservices%2Fwebblocker%2Fwebblocker_outbound_auth_user_groups_f.html|StartTopic=Content%2Fen-US%2Fservices%2Fwebblocker%2Fwebblocker_outbound_auth_user_groups_f.html|SkinName=Fireware (en-US)

The example is an educational setting, but the idea and layout is the same. Make sure to follow each step, including the deny message near the end.
ASKER CERTIFIED SOLUTION
Avatar of Jon Snyderman
Jon Snyderman
Flag of United States of America image

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Avatar of ECHO50
ECHO50

ASKER

Version 11.3.2
SOLUTION
Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
SOLUTION
Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
SOLUTION
Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Avatar of ECHO50

ASKER

No, they have not.  I followed instructions to the letter.  I created a new policy and a new HTTP-Proxy, which I named HTTP-ProxyFrontDesk.  Used the new policy, Put in exceptions for facebook, put IP address in FROM and left to as Any External, but it is still looking at the original policy.

I am apparently missing something else.
Thanks
SOLUTION
Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Avatar of ECHO50

ASKER

Still getting the same message which is ....
Request denied by WatchGuard HTTP proxy.
Reason: one or more categories denied helper='WebBlocker.2' details='local-exception(Sorry_No_More_Facebook)'
--------------------------------------------------------------------------------
Method: GET
Host: www.facebook.com 
Path: /

WebBlocker.2 is my original Proxy Action.  I created another proxy action just for the front desk, which is named WebBlocker.3 - FrontDesk, which is what I would like to use only for the front desk.

------------------------------------------------
This is from the traffic monitor and the only thing that I see relating to this front desk PC.  I cleared the traffic and launched facebook.

2010-11-12 05:55:32 Deny 64.52.230.65 224.0.0.1 igmp   0-External Firebox Denied 28 1 (Unhandled External Packet-00)  proc_id="firewall" rc="101"       Traffic

2010-11-12 05:55:32 Allow 192.168.1.200 173.194.34.100 http/tcp 4709 80 1-Trusted 0-External ProxyStrip: HTTP Header match   (HTTP-proxy-00) HTTP-Client.2 proc_id="http-proxy" rc="592" proxy_act="HTTP-Client.2" rule_name="Default" header="X-XSS-Protection: 1; mode=block\x0d\x0a" msg_id="262171"       Traffic

2010-11-12 05:55:36 Allow 192.168.1.200 173.194.34.100 http/tcp 4709 80 1-Trusted 0-External ProxyStrip: HTTP Header match   (HTTP-proxy-00) HTTP-Client.2 proc_id="http-proxy" rc="592" proxy_act="HTTP-Client.2" rule_name="Default" header="X-XSS-Protection: 1; mode=block\x0d\x0a" msg_id="262171"       Traffic

2010-11-12 05:55:36 Allow 192.168.1.200 173.194.34.104 http/tcp 4711 80 1-Trusted 0-External ProxyStrip: HTTP Header match   (HTTP-proxy-00) HTTP-Client.2 proc_id="http-proxy" rc="592" proxy_act="HTTP-Client.2" rule_name="Default" header="X-XSS-Protection: 1; mode=block\x0d\x0a" msg_id="262171"       Traffic

2010-11-12 05:55:37 Allow 192.168.1.200 69.63.181.12 http/tcp 4712 80 1-Trusted 0-External ProxyAllow: HTTP Request categories   (HTTP-proxy-00) HTTP-Client.2 proc_id="http-proxy" rc="590" proxy_act="HTTP-Client.2" cats="Personals & Dating" op="GET" dstname="facebook.com" arg="/" msg_id="262177"       Traffic

2010-11-12 05:55:37 Allow 192.168.1.200 69.63.181.12 http/tcp 4712 80 1-Trusted 0-External ProxyStrip: HTTP Header match   (HTTP-proxy-00) HTTP-Client.2 proc_id="http-proxy" rc="592" proxy_act="HTTP-Client.2" rule_name="Default" header="X-Cnection: close\x0d\x0a" msg_id="262171"       Traffic


I hope this is helpful!!!  Thanks again
HA :) I think I see the problem.  

In step 3b, change the *.facebook.com/* to *facebook.com/*.    Remove the first dot.

~Jon
Avatar of ECHO50

ASKER

Didn't work with removing the "."  This is what I recently copied from traffic monitor

2010-11-12 06:54:55 Deny 192.168.1.200 66.151.151.149 http/tcp 1121 80 1-Trusted 0-External ProxyDeny: HTTP Request categories   (HTTP-proxy-00) HTTP-Client.2 proc_id="http-proxy" rc="594" proxy_act="HTTP-Client.2" cats="Games" op="GET" dstname="www.zynga.com" arg="/" msg_id="262177"       Traffic
SOLUTION
Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Avatar of ECHO50

ASKER

Jon, thanks for your help.  Your answer was a part of the solution.  The other part I got from the Users manual.  After setting up a new http proxy for the reception desk, the IP address for the reception PC had to be placed in FROM in Outgoing to make it work.

Thanks for all your help.  It has been resolved.
Yep :)  I think you may have missed step #6 "Add the static IP in the FROM box of the policy.  Leave the TO as any-external."

Glad you got it working.  

Thanks
Jon