Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3495
  • Last Modified:

Block user on Sonicwall

Is there a way to check the highest IP traffic for a workstation on Sonicwall Pro 4060 ?

How to block this suspicious workstation on Sonicwall to prohibit it from overutitlize the internet bandwidth ?

Tks
0
AXISHK
Asked:
AXISHK
  • 3
  • 3
1 Solution
 
comfortjeaniusCommented:
Did you try to go to App Flow Monitor under the Dashboard and you should see tabs with Users and Initiators?
0
 
AXISHKAuthor Commented:
No, can't see that.

But need a more real time for displaying users with high network traffic or session and block it with ACL.

Any advise ?

Tks
0
 
Blue Street TechLast KnightsCommented:
Hi AXISHK,

@AXISHK & @comfortjeanius - A Pro 4060 does not have App Flow...as that functionality is only found in Next Generation Firewalls (NGFWs).
To see what IPs are utilizing the most bandwidth go to Logs > Reports and if it is not already enabled click on Start Data Collection under the Data Collection section. If you just enabled, you will need to wait for the collection to actually start collecting data from this point forward as it does not collect retrospectively. If you have already enabled collection or once you have a day or so of data, check back in and select Bandwidth Usage by IP Address under the View Data section. This will give you a list of the most bandwidth used by IP address.

To block a host from accessing the Internet you can do it a few ways  but it really depends on what firmware version you currently have (e.g. 3.6.0.12s). If you firmware allows for this (and all firmware versions do for all current NGFW models) you need to create an Address Object for the suspicious workstation. Setup the Address Object as follows:
Name: <any name you desire to identify it>
Zone Assignment: LAN or whatever zone the workstation is currently connected to.
Type: MAC
MAC Address: <input the MAC address from the suspicious workstation >
Now go to Access Rules and setup a new Rules as follows:
Action: Deny or Discard (if applicable)
From: LAN
To: WAN
Service: HTTP
Source: <select the Address Object we just create above.>
Destination: Any
Users: All
Schedule: Always on
Comment: whatever you want to document this rule
Logging: Checked
Allow Fragmented Packets: Checked
It is important to block this workstation by MAC address rather than IP since all they have to do is either manually change the IP or get issued a new one by the DHCP server in order to circumvent an IP Address block. Again, this functionality heavily depends on the firmware you currently have but it does work for all new SonicWALL models regardless of the firmware edition.

----SIDE NOTE------------
Given all the questions you have asked recently, I'd highly recommend upgrading to a NGFW like the SonicWALL NSA 4600 (which SonicWALL recommends as an upgrade from a Pro 4060).

Additionally, since the Pro 4060 is now EOL (End of Life) as of July 1, 2013, it only further bolsters my point plus with a NGFW will give you a ton of add performance, security, and functionality built-in that your current firewall does not provide.

Anyway, let me know if you have any questions!
1
New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

 
AXISHKAuthor Commented:
For Access Rule, should the Action be "Deny" rather than allow in order to block the workstation from accessing internet ?

Great Thanks.
0
 
Blue Street TechLast KnightsCommented:
My mistake. You are right! I corrected it. Thanks!
0
 
AXISHKAuthor Commented:
Tks
0
 
Blue Street TechLast KnightsCommented:
My pleasure! Glad I could help and thanks for the points!
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now