Solved

Best method to block single person from Facebook in SonicWALL

Posted on 2014-04-17
10
2,053 Views
Last Modified: 2014-06-22
Utilizing a NSA 220.  I've been asked by a manager to block (1) employee from Facebook.
While I see a method to block Everyone from a social networking site and then to Allow certain individuals or ranges, I do not see an elegant or easy way to block a single workstation, while leaving the rest of the people or IPs unrestricted.

I would like to see instructions for this particular scenario. Lowest impact for the rest of the users is required.
0
Comment
Question by:GPCDIADMIN
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
10 Comments
 
LVL 25

Accepted Solution

by:
Diverse IT earned 500 total points
ID: 40007195
Hi GPCDIADMIN,

Assign the user a static IP (SonicWALL)/DHCP Reservation (Windows Server) and then restrict via that static IP.

Create a new CFS Policy specific for that user.

Then go to Security Services > Content Filter and under CFS Policy per IP Address Range, enabled Enable Policy per IP Address Range and click Accept.

Then go back to that section and click Add... and type in the static IP and select the Policy. Done!

Here are some other options:
By Local User: If you have users login to the SonicWALL before using the Internet then you can apply the policy via user or group instead of by IP.
By SSO/AD: If you are using SSO/LDAP sync you can again apply the policy via user or group instead of by IP.

REF: https://www.fuzeqna.com/sonicwallkb/ext/kbdetail.aspx?kbid=7726

Let me know how it goes!
0
 
LVL 12

Expert Comment

by:Infamus
ID: 40007213
Another way to keep the user's workstation IP is to reserve it from the DHCP server which is more convenient for the admins.
0
 

Author Comment

by:GPCDIADMIN
ID: 40007366
Creating a specific CFS Policy did not work. One thing I notice is that only one policy can be bound to the LAN, and the default policy must remain in place.

I can't have users login to the SonicWALL before using the Internet as this must be a low impact solution.

BTW: I thought, it took the App Control to block a social networking app like Facebook, because the CFS did not effectively block all the possible access methods?
0
Watch Anatomy of a Wi-Fi Hack On-Demand

In less than a weekend, anyone with Internet access and some free time can become a Wi-Fi MitM to wreak havoc on your network. View our Wi-Fi Expert in an on-demand episode of our Secure Wi-Fi mini-series as he explores the motives, execution, and anatomy of a Wi-Fi hack.

 
LVL 25

Expert Comment

by:Diverse IT
ID: 40055360
You can do exactly what I suggested. .. in fact we have 4 CFS policies on the same zone. There is a step you are missing or something is configured incorrectly.

What is going on after you create the policy? You have to assign the user in question a static IP. Have you done that?

Also, App Control does allow you to more effectively block certain sites/applications...such as Facebook app on mobile devices, etc. Do you have App Control Licensed?

In the CFS policy you must click on enable HTTPS.

Let me know how it goes?
0
 
LVL 25

Expert Comment

by:Diverse IT
ID: 40079276
How can I assist you further?

Do you have any other questions? Does everything in my last post (http:#a40055360) make sense to you?
0
 

Author Comment

by:GPCDIADMIN
ID: 40132920
I've requested that this question be deleted for the following reason:

Too many days had gone without an answer after my post on 2014-04-17 at 11:18:3.  I felt my question had been abandoned by the Experts Exchange community.  So, with no answer forthcoming, near the end of April, I approached the manager and suggested another method of dealing with the employee Facebook issue that did not require firewall programming.
0
 
LVL 25

Expert Comment

by:Diverse IT
ID: 40132921
My comment http:#a40007195 is the answer and has actually been documented by SonicWALL. Additionally I have over 15 SonicWALLs with this exact same setup and they work perfectly.
0
 

Author Comment

by:GPCDIADMIN
ID: 40148387
I've requested that this question be closed as follows:

Accepted answer: 0 points for GPCDIADMIN's comment #a40132920

for the following reason:

Replies need to be posted in a timely manner to be acceptable.

Regardless of diverseit's boasts on 2014-06-13 of how many SonicWALLs he has deployed, his answer was too long in coming, and therefore another avenue was found. A solution that comes too late is not an acceptable solution. That is why I requested this case to be deleted.
Arguing the point is not worthwhile, no points are going to be assigned for showing up late.
0
 
LVL 25

Expert Comment

by:Diverse IT
ID: 40148236
My comment was not made as a boast as you say, but rather to prove a point that this setup works and is functional not theoretical. The reason I don't feel this should be deleted is that it benefits future EE users who have similar questions.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question