Solved

Block user on Sonicwall

Posted on 2013-10-30
Last Modified: 2013-12-02
Is there a way to check the highest IP traffic for a workstation on Sonicwall Pro 4060?

How to block this suspicious workstation on Sonicwall to prohibit it from overutilizing the internet bandwidth?

Tks
Question by:AXISHK

Expert Comment

by:comfortjeanius
Did you try going to App Flow Monitor under the Dashboard? You should see tabs with Users and Initiators.

Author Comment

by:AXISHK
No, can't see that.

But need a more real-time way of displaying users with high network traffic or sessions and blocking them with an ACL.

Any advice?

Tks

Accepted Solution

by:diverseit (earned 500 total points)
Hi AXISHK,

@AXISHK & @comfortjeanius - A Pro 4060 does not have App Flow, as that functionality is only found in Next Generation Firewalls (NGFWs).

To see what IPs are utilizing the most bandwidth, go to Logs > Reports and, if it is not already enabled, click on Start Data Collection under the Data Collection section. If you just enabled it, you will need to wait for the collection to actually start collecting data from this point forward, as it does not collect retrospectively. If you have already enabled collection, or once you have a day or so of data, check back in and select Bandwidth Usage by IP Address under the View Data section. This will give you a list of the most bandwidth used by IP address.

To block a host from accessing the Internet you can do it a few ways, but it really depends on what firmware version you currently have (e.g. 3.6.0.12s). If your firmware allows for this (and all firmware versions do for all current NGFW models), you need to create an Address Object for the suspicious workstation. Set up the Address Object as follows:

Name: <any name you desire to identify it>
Zone Assignment: LAN or whatever zone the workstation is currently connected to.
Type: MAC
MAC Address: <input the MAC address from the suspicious workstation>

Now go to Access Rules and set up a new rule as follows:

Action: Deny or Discard (if applicable)
From: LAN
To: WAN
Service: HTTP
Source: <select the Address Object we just created above>
Destination: Any
Users: All
Schedule: Always on
Comment: whatever you want to document this rule
Logging: Checked
Allow Fragmented Packets: Checked

It is important to block this workstation by MAC address rather than IP, since all they have to do is either manually change the IP or get issued a new one by the DHCP server in order to circumvent an IP address block. Again, this functionality heavily depends on the firmware you currently have, but it does work for all new SonicWALL models regardless of the firmware edition.

----SIDE NOTE------------
Given all the questions you have asked recently, I'd highly recommend upgrading to a NGFW like the SonicWALL NSA 4600 (which SonicWALL recommends as an upgrade from a Pro 4060).

Additionally, since the Pro 4060 is now EOL (End of Life) as of July 1, 2013, it only further bolsters my point, plus a NGFW will give you a ton of added performance, security, and functionality built-in that your current firewall does not provide.

Anyway, let me know if you have any questions!
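
Added example, not part of the answer above and not SonicWALL's own tooling: for the more real-time view asked for earlier in the thread, one option is to rank LAN hosts by bytes transferred using firewall syslog forwarded to a collector. The key=value layout, the src/sent/rcvd field names, the 192.168.1.0/24 LAN and the sample lines are assumptions constructed for illustration; compare them with what your firewall actually emits.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in an assumed key=value syslog layout
# (src=ip:port:interface, sent=/rcvd= byte counts); not taken from the page.
SAMPLE_LOG = '''\
id=firewall time="2013-10-30 09:00:01" m=537 msg="Connection Closed" src=192.168.1.23:50211:X0 dst=203.0.113.10:80:X1 proto=tcp/http sent=1200 rcvd=48000000
id=firewall time="2013-10-30 09:00:02" m=537 msg="Connection Closed" src=192.168.1.40:50333:X0 dst=198.51.100.7:443:X1 proto=tcp/https sent=900 rcvd=15000
id=firewall time="2013-10-30 09:00:05" m=537 msg="Connection Closed" src=192.168.1.23:50212:X0 dst=203.0.113.10:80:X1 proto=tcp/http sent=2500 rcvd=61000000
id=firewall time="2013-10-30 09:00:07" m=98 msg="Connection Opened" src=192.168.1.40:50334:X0 dst=198.51.100.7:443:X1 proto=tcp/https
id=firewall time="2013-10-30 09:00:09" m=537 msg="Connection Closed" src=203.0.113.99:4444:X1 dst=192.168.1.5:25:X0 proto=tcp/smtp sent=700 rcvd=300
this line is truncated garbage src=
'''

# key=value pairs; values are either "quoted strings" or bare tokens.
PAIR = re.compile(r'(\w+)=("[^"]*"|\S*)')

def parse_line(line):
    """Turn one syslog line into a dict of its key=value fields."""
    return {k: v.strip('"') for k, v in PAIR.findall(line)}

def top_talkers(log_text, lan="192.168.1.0/24", limit=5):
    """Rank LAN source IPs by total bytes (sent + rcvd) across all records."""
    lan_net = ipaddress.ip_network(lan)
    totals = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        src = rec.get("src", "").split(":")[0]  # drop :port:interface
        try:
            ip = ipaddress.ip_address(src)
            nbytes = int(rec.get("sent", 0)) + int(rec.get("rcvd", 0))
        except ValueError:
            continue  # malformed address or counter: skip the record
        if ip in lan_net and nbytes:  # ignore WAN-side sources and empty records
            totals[str(ip)] += nbytes
    return totals.most_common(limit)

if __name__ == "__main__":
    for ip, nbytes in top_talkers(SAMPLE_LOG):
        print(f"{ip:15} {nbytes / 1e6:10.1f} MB")
```

The host at the top of the ranking is the one whose MAC address you would then look up for the Address Object described in the answer.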
Author Comment

by:AXISHK
For Access Rule, should the Action be "Deny" rather than allow in order to block the workstation from accessing internet?

Great Thanks.

Expert Comment

by:diverseit
My mistake. You are right! I corrected it. Thanks!

Author Closing Comment

by:AXISHK
Tks

Expert Comment

by:diverseit
My pleasure! Glad I could help and thanks for the points!