?
Solved

Dell SonicWall - How do I immediately terminate a connection

Posted on 2013-11-06
17
Medium Priority
?
3,018 Views
Last Modified: 2016-11-23
I have a device using a lot of bandwidth. I don't know how to identify the person since I only have an IP address, and I don't know how to get the device name from the wireless device. How I can force them off our connection immediately? Thank you!
0
Comment
Question by:Kris5454
  • 8
  • 6
  • 3
17 Comments
 
LVL 37

Expert Comment

by:bbao
ID: 39628152
which version of SonicOS are you running on the given device? what's the model name?
0
 

Author Comment

by:Kris5454
ID: 39628157
Dell SonicWall NSA 3600
0
 
LVL 37

Expert Comment

by:bbao
ID: 39628223
what's the version of SonicOS?
0
Will You Be GDPR Compliant by 5/28/2018?

GDPR? That's a regulation for the European Union. But, if you collect data from customers or employees within the EU, then you need to know about GDPR and make sure your organization is compliant by May 2018. Check out our preparation checklist to make sure you're on track today!

 

Author Comment

by:Kris5454
ID: 39628233
Can you please tell me where to find that information?
0
 
LVL 37

Expert Comment

by:bbao
ID: 39628264
log on the web console of your SonicWALL device, commonly the System Information is under System > Status under in the left pane.
0
 

Author Comment

by:Kris5454
ID: 39628390
SonicOS Enhanced 6.1.1.1-9n
SonicROM 5.4.0.13
0
 
LVL 29

Expert Comment

by:Blue Street Tech
ID: 39628495
Hi  Kris5454,

To block a wireless device, simply go to Wireless > Status, then click the Block icon, which will automatically add an Address Object for the device's MAC address and add it to the Default ACL Deny Group.

Then all you have to do is enabled/setup MAC Filter List (Wireless > MAC Filter List, then put a checkmark next to Enable MAC Filter List). By default the Deny List: will already have selected the Default ACL Deny Group. Now you have two options under the Allow List: , either:
a) select Allow All MAC Addresses, which will do just that except for any MAC addresses found in the block list or
b) Create an Allow List Group , select it and explicitly add each MAC address you want to access the WLAN.
Let me know if you have any questions!
0
 

Author Comment

by:Kris5454
ID: 39628514
How do I get to the "Wireless" area? I don't see it as an option on the left side of the menu for the SonicWall.
0
 
LVL 29

Expert Comment

by:Blue Street Tech
ID: 39628519
You provided the SonicOS version but what model is it (should be located in the same place as the SonicOS)?

Can you provide a screenshot of your left pane once logged into the SonicWALL?

Depending on your model you may not have built-in Wireless. If that is the case, get the MAC address from the DHCP Server Current Lease or ARP Cache sections and create an Access Rule to deny the MAC Address from its Zone to the WAN.
0
 

Author Comment

by:Kris5454
ID: 39628528
NSA 3600

DellSonic Menu
0
 
LVL 29

Expert Comment

by:Blue Street Tech
ID: 39628534
Ok, the NSA 3600 doesn't have built-in wireless as a feature...that feature stops in models after NSA 250M.

So in this case, get the MAC address from the DHCP Server Current Lease or ARP Cache sections and create an Access Rule to deny the MAC Address from its Zone to the WAN.
0
 

Author Comment

by:Kris5454
ID: 39628588
I'm almost there, but how do you specify which MAC address to deny? There isn't a field to enter that data. I can pick a group of users, but not an individual address.
0
 
LVL 29

Accepted Solution

by:
Blue Street Tech earned 2000 total points
ID: 39628599
To block a host from accessing the Internet you need to create an Address Object for the specific device. Setup the Address Object as follows:
Name: <any name you desire to identify it>
Zone Assignment: WLAN or whatever zone the workstation is currently connected to.
Type: MAC
MAC Address: <input the MAC address from the suspicious workstation >
Now go to Access Rules and setup a new Rules as follows:
Action: Deny or Discard (if applicable)
From: WLAN
To: WAN
Service: HTTP or whatever services you wish to block
Source: <select the Address Object we just create above.>
Destination: Any
Users: All
Schedule: Always on
Comment: whatever you want to document this rule
Logging: Checked
Allow Fragmented Packets: Checked
It is important to block this workstation by MAC address rather than IP since all they have to do is either manually change the IP or get issued a new one by the DHCP server in order to circumvent an IP Address block.

Let me know if you have any questions!
1
 

Author Comment

by:Kris5454
ID: 39628613
Thank you very much!
0
 
LVL 29

Expert Comment

by:Blue Street Tech
ID: 39628617
My pleasure!
0
 

Author Closing Comment

by:Kris5454
ID: 39628618
I really appreciate the detailed step by step instructions.
0
 
LVL 29

Expert Comment

by:Blue Street Tech
ID: 39628629
No problem...that is what we're here for! I'm glad I could help and thanks for the points.
0

Featured Post

SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is in regards to the Cisco QSFP-4SFP10G-CU1M cables, which are designed to uplink/downlink 40GB ports to 10GB SFP ports. I recently experienced this and found very little configuration documentation on how these are supposed to be confi…
In this article, WatchGuard's Director of Security Strategy and Research Teri Radichel, takes a look at insider threats, the risk they can pose to your organization, and the best ways to defend against them.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

594 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question