  • Status: Solved
  • Priority: Medium
  • Security: Public

Sonicwall TZ200 block www access for single user

Hi,

One of our customers is asking us if it's possible to block www access for a single IP in their network. I personally haven't ever set this up and don't know if it's even possible to do in the SW.

Thanks,
Monty
Asked:
montyjenkins
2 Solutions
 
spiderwilk007 Commented:
Yes, you can do it. If they have the content filtering, they can create a policy that denies all HTTP and then assign the IP address of the workstation to the block-all policy that you create. The alternative is to simply create an access rule under Firewall from LAN to WAN. You will have to first create an address object with the user's IP address, then create a policy from LAN to WAN to deny HTTP and HTTPS, and select the address object as the source.
 
digitap Commented:
Yes. You can either give the workstation a static IP or use the MAC to block Internet access. That's what you want, to block access to the Internet for a single host?

If so, create a firewall access rule such that:

LAN > WAN is Denied
Source: MAC of your host
Destination: Any
Service: Any

When you select the source, choose to create a new object. Then, a new window will appear and you can select Type as the MAC. Or, you can give the host a static IP via a DHCP reservation or statically setting it at the workstation. In this case, choose Host as the type.

If you want to use a static IP, I'd recommend using a DHCP reservation based on the host's MAC. The idea here is if you set a static IP on the host, then the user has the potential of changing this and getting access to the Internet. Otherwise, they'd have to figure out how to change their MAC or install a new NIC to get around the system.
 
digitap Commented:
True, I assumed total block to the WAN so chose Any for the service. You could create a service group for this host and add all the services that you wanted to deny LAN > WAN. After all, you've got HTTP, HTTPS, FTP, SMTP, etc. You don't want to create a firewall rule for each.
0
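The rule variants suggested in the answers above can be compared with a toy first-match evaluator. This is an added Python example, not SonicOS code and not something posted by anyone in the thread; the host IP, MAC, rule names and the trailing allow-any rule (standing in for a permissive LAN > WAN default) are constructed assumptions. It shows which traffic each variant stops, including the case where the host's IP address is changed.

```python
from dataclasses import dataclass
from typing import Optional

# Service groups as (protocol, destination port) pairs; None models "Any".
WEB = frozenset({("tcp", 80), ("tcp", 443)})      # HTTP, HTTPS
GROUP = WEB | {("tcp", 21), ("tcp", 25)}          # plus FTP, SMTP

@dataclass(frozen=True)
class Flow:
    src_ip: str
    src_mac: str
    proto: str
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str                        # "allow" or "deny"
    src_type: str                      # "host" (IP), "mac" or "any"
    src: str = ""
    services: Optional[frozenset] = None

    def matches(self, f: Flow) -> bool:
        if self.src_type == "host" and f.src_ip != self.src:
            return False
        if self.src_type == "mac" and f.src_mac.lower() != self.src.lower():
            return False
        return self.services is None or (f.proto, f.dport) in self.services

def evaluate(rules, flow):
    """First matching rule wins; a flow matching nothing is denied."""
    return next((r.action for r in rules if r.matches(flow)), "deny")

# Constructed sample host; ALLOW_ANY is an assumed LAN > WAN default rule.
IP, MAC = "192.168.1.50", "00:11:22:33:44:55"
ALLOW_ANY = Rule("allow", "any")
POLICIES = {
    "ip_web":   [Rule("deny", "host", IP, WEB), ALLOW_ANY],
    "ip_group": [Rule("deny", "host", IP, GROUP), ALLOW_ANY],
    "mac_any":  [Rule("deny", "mac", MAC), ALLOW_ANY],
}
FLOWS = {
    "https":            Flow(IP, MAC, "tcp", 443),
    "smtp":             Flow(IP, MAC, "tcp", 25),
    "https_changed_ip": Flow("192.168.1.77", MAC, "tcp", 443),
}

def compare():
    """Return {policy: {flow: action}} for every policy/flow pair."""
    return {p: {n: evaluate(rules, f) for n, f in FLOWS.items()}
            for p, rules in POLICIES.items()}
```

Calling `compare()` returns the decision for each policy and flow, which makes it easy to see that only the MAC-based rule still applies once the source IP no longer matches the address object.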
