Solved

Block user on Sonicwall

Posted on 2013-10-30
7
3,381 Views
Last Modified: 2013-12-02
Is there a way to check the highest IP traffic for a workstation on Sonicwall Pro 4060 ?

How to block this suspicious workstation on Sonicwall to prohibit it from overutitlize the internet bandwidth ?

Tks
0
Comment
Question by:AXISHK
  • 3
  • 3
7 Comments
 
LVL 14

Expert Comment

by:comfortjeanius
ID: 39611930
Did you try to go to App Flow Monitor under the Dashboard and you should see tabs with Users and Initiators?
0
 

Author Comment

by:AXISHK
ID: 39613346
No, can't see that.

But need a more real time for displaying users with high network traffic or session and block it with ACL.

Any advise ?

Tks
0
 
LVL 25

Accepted Solution

by:
Diverse IT earned 500 total points
ID: 39613532
Hi AXISHK,

@AXISHK & @comfortjeanius - A Pro 4060 does not have App Flow...as that functionality is only found in Next Generation Firewalls (NGFWs).
To see what IPs are utilizing the most bandwidth go to Logs > Reports and if it is not already enabled click on Start Data Collection under the Data Collection section. If you just enabled, you will need to wait for the collection to actually start collecting data from this point forward as it does not collect retrospectively. If you have already enabled collection or once you have a day or so of data, check back in and select Bandwidth Usage by IP Address under the View Data section. This will give you a list of the most bandwidth used by IP address.

To block a host from accessing the Internet you can do it a few ways  but it really depends on what firmware version you currently have (e.g. 3.6.0.12s). If you firmware allows for this (and all firmware versions do for all current NGFW models) you need to create an Address Object for the suspicious workstation. Setup the Address Object as follows:
Name: <any name you desire to identify it>
Zone Assignment: LAN or whatever zone the workstation is currently connected to.
Type: MAC
MAC Address: <input the MAC address from the suspicious workstation >
Now go to Access Rules and setup a new Rules as follows:
Action: Deny or Discard (if applicable)
From: LAN
To: WAN
Service: HTTP
Source: <select the Address Object we just create above.>
Destination: Any
Users: All
Schedule: Always on
Comment: whatever you want to document this rule
Logging: Checked
Allow Fragmented Packets: Checked
It is important to block this workstation by MAC address rather than IP since all they have to do is either manually change the IP or get issued a new one by the DHCP server in order to circumvent an IP Address block. Again, this functionality heavily depends on the firmware you currently have but it does work for all new SonicWALL models regardless of the firmware edition.

----SIDE NOTE------------
Given all the questions you have asked recently, I'd highly recommend upgrading to a NGFW like the SonicWALL NSA 4600 (which SonicWALL recommends as an upgrade from a Pro 4060).

Additionally, since the Pro 4060 is now EOL (End of Life) as of July 1, 2013, it only further bolsters my point plus with a NGFW will give you a ton of add performance, security, and functionality built-in that your current firewall does not provide.

Anyway, let me know if you have any questions!
1
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:AXISHK
ID: 39614263
For Access Rule, should the Action be "Deny" rather than allow in order to block the workstation from accessing internet ?

Great Thanks.
0
 
LVL 25

Expert Comment

by:Diverse IT
ID: 39614764
My mistake. You are right! I corrected it. Thanks!
0
 

Author Closing Comment

by:AXISHK
ID: 39615864
Tks
0
 
LVL 25

Expert Comment

by:Diverse IT
ID: 39616051
My pleasure! Glad I could help and thanks for the points!
0

Featured Post

Create the perfect environment for any meeting

You might have a modern environment with all sorts of high-tech equipment, but what makes it worthwhile is how you seamlessly bring together the presentation with audio, video and lighting. The ATEN Control System provides integrated control and system automation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
unable to set full duplex 100 on WAN interface 11 64
nested esxi, NIC issues 1 36
BGP recommended setup with failover 2 50
VTP servers with 3650 switches 5 27
If your business is like most, chances are you still need to maintain a fax infrastructure for your staff. It’s hard to believe that a communication technology that was thriving in the mid-80s could still be an essential part of your team’s modern I…
Meet the world's only “Transparent Cloud™” from Superb Internet Corporation. Now, you can experience firsthand a cloud platform that consistently outperforms Amazon Web Services (AWS), IBM’s Softlayer, and Microsoft’s Azure when it comes to CPU and …
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question