Posted on 2013-10-14
Medium Priority
Last Modified: 2013-10-16
Hi Guys,

I am trying to setup a rule to block http access from my network to the internet from one machine, does this look correct
Question by:jonathanduane2010

Assisted Solution

rauenpc earned 868 total points
ID: 39571468
That rule should be put under the Inside incoming rules as the first rule. That will block your specific traffic and then permit the rest. Otherwise, the rule itself appears to be correct, just on the wrong interface.

Author Comment

ID: 39571665
Ah ok, so I have put it on the outside in, instead of the other way round?

Author Comment

ID: 39571837
Ok, I have added that but am still able to access the internet from this machine?

Expert Comment

ID: 39572338
As rauenpc said on the inside incoming ....

Accepted Solution

Akinsd earned 872 total points
ID: 39572688
Inside interface because that's the interface that connects to your network

Incoming (to the firewall) because the firewall is the one receiving the connection before it gets forwarded out

Inside interface, Incoming traffic.

Note (It's all about the firewall)
It is how the firewall sees the traffic.

Further breakdown (let's assume your public address is
ACL 1 that you created
Outside Interface, Incoming
The firewall will see traffic destined to 79.1140.211.194 from the internet
Nothing matches there

Inside interface, Outgoing
Outgoing direction from the firewall on the inside interface is heading in the direction of your computer.
There is no traffic heading that way that matches
What you will find instead is a random port eg (assuming that is the random port your computer used to generate the traffic - research PAT <port Address Translation>)

To get a match, you need to block the traffic as it enters the firewall from the inside interface that your computer is connected to.

I hope this helps
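To make the accepted answer concrete, here is an added Python model (not from the thread, and not any vendor's firewall code) of how a stateful firewall with PAT sees a single outbound HTTP flow at each interface and direction, and where a "deny host to any port 80" rule actually matches; the addresses and the source port are constructed.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed addresses: the LAN host, the firewall's public (PAT) address and a web server.
HOST, PUBLIC, WEB = "192.168.1.50", "203.0.113.10", "198.51.100.20"

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str            # "deny" or "permit"
    src: str               # IP address or "any"
    dst: str               # IP address or "any"
    dport: Optional[int]   # destination port, None = any port

def rule_matches(rule: Rule, pkt: Packet) -> bool:
    return (rule.src in ("any", pkt.src)
            and rule.dst in ("any", pkt.dst)
            and rule.dport in (None, pkt.dport))

def acl_action(rules: list, pkt: Packet) -> str:
    """First matching rule wins; this model permits when nothing matches."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.action
    return "permit"

def flow_views(sport: int = 51234) -> dict:
    """How the firewall sees one outbound HTTP connection at each interface/direction."""
    request = Packet(HOST, sport, WEB, 80)          # host -> web, entering the inside interface
    translated = Packet(PUBLIC, sport, WEB, 80)     # after PAT, leaving the outside interface
    reply = Packet(WEB, 80, PUBLIC, sport)          # return traffic arriving from the internet
    untranslated = Packet(WEB, 80, HOST, sport)     # reply after un-PAT, leaving the inside interface
    return {("inside", "in"): request, ("outside", "out"): translated,
            ("outside", "in"): reply, ("inside", "out"): untranslated}

def is_blocked(interface: str, direction: str, rules: list) -> bool:
    """True if the ACL applied at (interface, direction) denies the outbound HTTP flow."""
    return acl_action(rules, flow_views()[(interface, direction)]) == "deny"

# The rule from the question, and the catch-all permit it must sit in front of.
DENY_HOST_HTTP = Rule("deny", HOST, "any", 80)
PERMIT_ANY = Rule("permit", "any", "any", None)
```

Only the inside/incoming view carries the host's own address as source with destination port 80, which is why the same rule on the outside interface (or on inside/outgoing, where the reply has source port 80 and a random destination port) never fires.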
