AboutPricingCommunityTeamsStart Free TrialLog in
Avatar of ECHO50
ECHO50
 asked on

Isolating a PC to get facebook while denying all others thru WatchGuard Webblocker 11.

I am trying to isolate one PC thru my WatchGuard webblocker to get facebook while denying all other the same access.  So far I have given this PC a static IP, but am not clear what to do after.
Software Firewalls
Avatar of undefined
Last Comment
Jon Snyderman
8/22/2022 - Mon
Brian
Follow the steps in this Watchguard Link:

http://www.watchguard.com/help/docs/fireware/10/en-US/index_Left.html#CSHID=en-US%2Fservices%2Fwebblocker%2Fwebblocker_outbound_auth_user_groups_f.html|StartTopic=Content%2Fen-US%2Fservices%2Fwebblocker%2Fwebblocker_outbound_auth_user_groups_f.html|SkinName=Fireware (en-US)

The example is an educational setting, but the idea and layout is the same. Make sure to follow each step, including the deny message near the end.
ASKER CERTIFIED SOLUTION
Jon Snyderman
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
GET A PERSONALIZED SOLUTION
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
ECHO50
ASKER
Version 11.3.2
SOLUTION
Jon Snyderman
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
SOLUTION
Jon Snyderman
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
SOLUTION
Jon Snyderman
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
ECHO50
ASKER
No, they have not.  I followed instructions to the letter.  I created a new policy and a new HTTP-Proxy, which I named HTTP-ProxyFrontDesk.  Used the new policy, Put in exceptions for facebook, put IP address in FROM and left to as Any External, but it is still looking at the original policy.

I am apparently missing something else.
Thanks
Experts Exchange is like having an extremely knowledgeable team sitting and waiting for your call. Couldn't do my job half as well as I do without it!
James Murphy
SOLUTION
Jon Snyderman
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
ECHO50
ASKER
Still getting the same message which is ....
Request denied by WatchGuard HTTP proxy.
Reason: one or more categories denied helper='WebBlocker.2' details='local-exception(Sorry_No_More_Facebook)'
--------------------------------------------------------------------------------
Method: GET
Host: www.facebook.com 
Path: /

WebBlocker.2 is my original Proxy Action.  I created another proxy action just for the front desk, which is named WebBlocker.3 - FrontDesk, which is what I would like to use only for the front desk.

------------------------------------------------
This is from the traffic monitor and the only thing that I see relating to this front desk PC.  I cleared the traffic and launched facebook.

2010-11-12 05:55:32 Deny 64.52.230.65 224.0.0.1 igmp   0-External Firebox Denied 28 1 (Unhandled External Packet-00)  proc_id="firewall" rc="101"       Traffic

2010-11-12 05:55:32 Allow 192.168.1.200 173.194.34.100 http/tcp 4709 80 1-Trusted 0-External ProxyStrip: HTTP Header match   (HTTP-proxy-00) HTTP-Client.2 proc_id="http-proxy" rc="592" proxy_act="HTTP-Client.2" rule_name="Default" header="X-XSS-Protection: 1; mode=block\x0d\x0a" msg_id="262171"       Traffic

2010-11-12 05:55:36 Allow 192.168.1.200 173.194.34.100 http/tcp 4709 80 1-Trusted 0-External ProxyStrip: HTTP Header match   (HTTP-proxy-00) HTTP-Client.2 proc_id="http-proxy" rc="592" proxy_act="HTTP-Client.2" rule_name="Default" header="X-XSS-Protection: 1; mode=block\x0d\x0a" msg_id="262171"       Traffic

2010-11-12 05:55:36 Allow 192.168.1.200 173.194.34.104 http/tcp 4711 80 1-Trusted 0-External ProxyStrip: HTTP Header match   (HTTP-proxy-00) HTTP-Client.2 proc_id="http-proxy" rc="592" proxy_act="HTTP-Client.2" rule_name="Default" header="X-XSS-Protection: 1; mode=block\x0d\x0a" msg_id="262171"       Traffic

2010-11-12 05:55:37 Allow 192.168.1.200 69.63.181.12 http/tcp 4712 80 1-Trusted 0-External ProxyAllow: HTTP Request categories   (HTTP-proxy-00) HTTP-Client.2 proc_id="http-proxy" rc="590" proxy_act="HTTP-Client.2" cats="Personals & Dating" op="GET" dstname="facebook.com" arg="/" msg_id="262177"       Traffic

2010-11-12 05:55:37 Allow 192.168.1.200 69.63.181.12 http/tcp 4712 80 1-Trusted 0-External ProxyStrip: HTTP Header match   (HTTP-proxy-00) HTTP-Client.2 proc_id="http-proxy" rc="592" proxy_act="HTTP-Client.2" rule_name="Default" header="X-Cnection: close\x0d\x0a" msg_id="262171"       Traffic


I hope this is helpful!!!  Thanks again
Jon Snyderman
HA :) I think I see the problem.  

In step 3b, change the *.facebook.com/* to *facebook.com/*.    Remove the first dot.

~Jon
ECHO50
ASKER
Didn't work with removing the "."  This is what I recently copied from traffic monitor

2010-11-12 06:54:55 Deny 192.168.1.200 66.151.151.149 http/tcp 1121 80 1-Trusted 0-External ProxyDeny: HTTP Request categories   (HTTP-proxy-00) HTTP-Client.2 proc_id="http-proxy" rc="594" proxy_act="HTTP-Client.2" cats="Games" op="GET" dstname="www.zynga.com" arg="/" msg_id="262177"       Traffic
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
SOLUTION
Jon Snyderman
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
ECHO50
ASKER
Jon, thanks for your help.  Your answer was a part of the solution.  The other part I got from the Users manual.  After setting up a new http proxy for the reception desk, the IP address for the reception PC had to be placed in FROM in Outgoing to make it work.

Thanks for all your help.  It has been resolved.
Jon Snyderman
Yep :)  I think you may have missed step #6 "Add the static IP in the FROM box of the policy.  Leave the TO as any-external."

Glad you got it working.  

Thanks
Jon
Plans and Pricing
Resources
Product
Podcasts
Careers
Contact Us
Teams
Certified Expert Program
Credly Partnership
Udemy Partnership
Privacy Policy
Terms of Use

© 1996-2023 Experts Exchange, LLC. All rights reserved. Covered by US Patent