[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3510
  • Last Modified:

Block user on Sonicwall

Is there a way to check the highest IP traffic for a workstation on Sonicwall Pro 4060 ?

How to block this suspicious workstation on Sonicwall to prohibit it from overutitlize the internet bandwidth ?

Tks
0
AXISHK
Asked:
AXISHK
  • 3
  • 3
1 Solution
 
comfortjeaniusCommented:
Did you try to go to App Flow Monitor under the Dashboard and you should see tabs with Users and Initiators?
0
 
AXISHKAuthor Commented:
No, can't see that.

But need a more real time for displaying users with high network traffic or session and block it with ACL.

Any advise ?

Tks
0
 
Blue Street TechLast KnightsCommented:
Hi AXISHK,

@AXISHK & @comfortjeanius - A Pro 4060 does not have App Flow...as that functionality is only found in Next Generation Firewalls (NGFWs).
To see what IPs are utilizing the most bandwidth go to Logs > Reports and if it is not already enabled click on Start Data Collection under the Data Collection section. If you just enabled, you will need to wait for the collection to actually start collecting data from this point forward as it does not collect retrospectively. If you have already enabled collection or once you have a day or so of data, check back in and select Bandwidth Usage by IP Address under the View Data section. This will give you a list of the most bandwidth used by IP address.

To block a host from accessing the Internet you can do it a few ways  but it really depends on what firmware version you currently have (e.g. 3.6.0.12s). If you firmware allows for this (and all firmware versions do for all current NGFW models) you need to create an Address Object for the suspicious workstation. Setup the Address Object as follows:
Name: <any name you desire to identify it>
Zone Assignment: LAN or whatever zone the workstation is currently connected to.
Type: MAC
MAC Address: <input the MAC address from the suspicious workstation >
Now go to Access Rules and setup a new Rules as follows:
Action: Deny or Discard (if applicable)
From: LAN
To: WAN
Service: HTTP
Source: <select the Address Object we just create above.>
Destination: Any
Users: All
Schedule: Always on
Comment: whatever you want to document this rule
Logging: Checked
Allow Fragmented Packets: Checked
It is important to block this workstation by MAC address rather than IP since all they have to do is either manually change the IP or get issued a new one by the DHCP server in order to circumvent an IP Address block. Again, this functionality heavily depends on the firmware you currently have but it does work for all new SonicWALL models regardless of the firmware edition.

----SIDE NOTE------------
Given all the questions you have asked recently, I'd highly recommend upgrading to a NGFW like the SonicWALL NSA 4600 (which SonicWALL recommends as an upgrade from a Pro 4060).

Additionally, since the Pro 4060 is now EOL (End of Life) as of July 1, 2013, it only further bolsters my point plus with a NGFW will give you a ton of add performance, security, and functionality built-in that your current firewall does not provide.

Anyway, let me know if you have any questions!
1
The Lifecycle Approach to Managing Security Policy

Managing application connectivity and security policies can be achieved more effectively when following a framework that automates repeatable processes and ensures that the right activities are performed in the right order.

 
AXISHKAuthor Commented:
For Access Rule, should the Action be "Deny" rather than allow in order to block the workstation from accessing internet ?

Great Thanks.
0
 
Blue Street TechLast KnightsCommented:
My mistake. You are right! I corrected it. Thanks!
0
 
AXISHKAuthor Commented:
Tks
0
 
Blue Street TechLast KnightsCommented:
My pleasure! Glad I could help and thanks for the points!
0

Featured Post

SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now