Sonicwall TZ200 block www access for single user

Posted on 2011-05-05
Last Modified: 2012-05-11

One of our customers is asking us if it's possible to block www access for a single IP in their network. I personally haven't ever set this up and don't know if it's even possible to do in the SW.

Question by: montyjenkins
    LVL 8

    Assisted Solution

    Yes, you can do it. If they have the content filtering, they can create a policy that denies all HTTP and then assign the IP address of the workstation to the block-all policy that you create. The alternative is to simply create an access rule under Firewall from LAN to WAN. You will have to first create an address object with the user's IP address, then create a policy from LAN to WAN that denies HTTP and HTTPS and select the address object as the source.
    LVL 33

    Accepted Solution

    Yes. You can either give the workstation a static IP or use the MAC to block Internet access. That's what you want, to block access to the Internet for a single host?

    If so, create a firewall access rule such that:

    LAN > WAN is Denied
    Source: MAC of your host
    Destination: Any
    Service: Any

    When you select the source, choose to create a new object. Then, a new window will appear and you can select Type as the MAC. Or, you can give the host a static IP via a DHCP reservation or statically setting it at the workstation. In this case, choose Host as the type.

    If you want to use a static IP, I'd recommend using a DHCP reservation based on the host's MAC. The idea here is if you set a static IP on the host, then the user has the potential of changing this and getting access to the Internet. Otherwise, they'd have to figure out how to change their MAC or install a new NIC to get around the system.
    LVL 33

    Expert Comment

    True, I assumed total block to the WAN so chose Any for the service. You could create a service group for this host and add all the services that you wanted to deny LAN > WAN. After all, you've got HTTP, HTTPS, FTP, SMTP, etc. You don't want to create a firewall rule for each.
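
The trade-offs discussed in this thread (an IP address object versus a MAC object as the rule source, and Service: Any versus a service group), as an added example that is not part of any post and is not SonicOS syntax. It is a simplified first-match rule model; the host IP, MAC, rule lists and the `audit` helper are constructed for illustration.

```python
from collections import namedtuple
from dataclasses import dataclass
from typing import Optional

# Constructed sample values, not taken from the thread.
HOST_IP, HOST_MAC = "192.168.1.50", "00:11:22:33:44:55"
# Service group built from the services named in the last comment (HTTP, HTTPS, FTP, SMTP).
WEB_GROUP = frozenset({("tcp", 80), ("tcp", 443), ("tcp", 21), ("tcp", 25)})
Packet = namedtuple("Packet", "src_ip src_mac proto dport")

@dataclass(frozen=True)
class Rule:
    action: str                    # "deny" or "allow"
    src_type: str                  # "host" (IP object), "mac" or "any"
    src_value: Optional[str]
    services: Optional[frozenset]  # None models Service: Any

def matches(rule, pkt):
    if rule.src_type == "host" and pkt.src_ip != rule.src_value:
        return False
    if rule.src_type == "mac" and pkt.src_mac.lower() != rule.src_value.lower():
        return False
    return rule.services is None or (pkt.proto, pkt.dport) in rule.services

def evaluate(rules, pkt):
    """First matching rule wins; unmatched LAN > WAN traffic is allowed (assumed default)."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "allow"

def audit():
    by_ip = [Rule("deny", "host", HOST_IP, None)]
    by_mac = [Rule("deny", "mac", HOST_MAC, None)]
    by_mac_web = [Rule("deny", "mac", HOST_MAC, WEB_GROUP)]
    https = Packet(HOST_IP, HOST_MAC, "tcp", 443)
    readdressed = Packet("192.168.1.51", HOST_MAC, "tcp", 443)  # static IP changed on the host
    dns = Packet(HOST_IP, HOST_MAC, "udp", 53)
    return {
        "ip_rule_https": evaluate(by_ip, https),
        "ip_rule_after_ip_change": evaluate(by_ip, readdressed),
        "mac_rule_after_ip_change": evaluate(by_mac, readdressed),
        "group_rule_https": evaluate(by_mac_web, https),
        "group_rule_dns": evaluate(by_mac_web, dns),
    }

if __name__ == "__main__":
    for name, verdict in audit().items():
        print(f"{name}: {verdict}")
```

The IP-based rule stops matching once the host's address changes, while the MAC-based rule still denies; the service-group rule denies only the listed services and lets everything else, such as DNS, through.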
