Solved

Block user on Sonicwall

Posted on 2013-10-30
7
3,319 Views
Last Modified: 2013-12-02
Is there a way to check the highest IP traffic for a workstation on Sonicwall Pro 4060 ?

How to block this suspicious workstation on Sonicwall to prohibit it from overutitlize the internet bandwidth ?

Tks
0
Comment
Question by:AXISHK
  • 3
  • 3
7 Comments
 
LVL 14

Expert Comment

by:comfortjeanius
ID: 39611930
Did you try to go to App Flow Monitor under the Dashboard and you should see tabs with Users and Initiators?
0
 

Author Comment

by:AXISHK
ID: 39613346
No, can't see that.

But need a more real time for displaying users with high network traffic or session and block it with ACL.

Any advise ?

Tks
0
 
LVL 25

Accepted Solution

by:
Diverse IT earned 500 total points
ID: 39613532
Hi AXISHK,

@AXISHK & @comfortjeanius - A Pro 4060 does not have App Flow...as that functionality is only found in Next Generation Firewalls (NGFWs).
To see what IPs are utilizing the most bandwidth go to Logs > Reports and if it is not already enabled click on Start Data Collection under the Data Collection section. If you just enabled, you will need to wait for the collection to actually start collecting data from this point forward as it does not collect retrospectively. If you have already enabled collection or once you have a day or so of data, check back in and select Bandwidth Usage by IP Address under the View Data section. This will give you a list of the most bandwidth used by IP address.

To block a host from accessing the Internet you can do it a few ways  but it really depends on what firmware version you currently have (e.g. 3.6.0.12s). If you firmware allows for this (and all firmware versions do for all current NGFW models) you need to create an Address Object for the suspicious workstation. Setup the Address Object as follows:
Name: <any name you desire to identify it>
Zone Assignment: LAN or whatever zone the workstation is currently connected to.
Type: MAC
MAC Address: <input the MAC address from the suspicious workstation >
Now go to Access Rules and setup a new Rules as follows:
Action: Deny or Discard (if applicable)
From: LAN
To: WAN
Service: HTTP
Source: <select the Address Object we just create above.>
Destination: Any
Users: All
Schedule: Always on
Comment: whatever you want to document this rule
Logging: Checked
Allow Fragmented Packets: Checked
It is important to block this workstation by MAC address rather than IP since all they have to do is either manually change the IP or get issued a new one by the DHCP server in order to circumvent an IP Address block. Again, this functionality heavily depends on the firmware you currently have but it does work for all new SonicWALL models regardless of the firmware edition.

----SIDE NOTE------------
Given all the questions you have asked recently, I'd highly recommend upgrading to a NGFW like the SonicWALL NSA 4600 (which SonicWALL recommends as an upgrade from a Pro 4060).

Additionally, since the Pro 4060 is now EOL (End of Life) as of July 1, 2013, it only further bolsters my point plus with a NGFW will give you a ton of add performance, security, and functionality built-in that your current firewall does not provide.

Anyway, let me know if you have any questions!
1
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 

Author Comment

by:AXISHK
ID: 39614263
For Access Rule, should the Action be "Deny" rather than allow in order to block the workstation from accessing internet ?

Great Thanks.
0
 
LVL 25

Expert Comment

by:Diverse IT
ID: 39614764
My mistake. You are right! I corrected it. Thanks!
0
 

Author Closing Comment

by:AXISHK
ID: 39615864
Tks
0
 
LVL 25

Expert Comment

by:Diverse IT
ID: 39616051
My pleasure! Glad I could help and thanks for the points!
0

Featured Post

Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Port forwarding 14 116
Can Cisco resolve internet address internally 4 31
Unknown security group 2 59
Hyper-V VM not connected 1 77
Don’t let your business fall victim to the coming apocalypse – use our Survival Guide for the Fax Apocalypse to identify the risks and signs of zombie fax activities at your business.
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now