Add a computer to access a custom forbidden domain on SonicWall firewall

mkramer777
Have a SonicWall TZ600.  I have facebook.com in the custom forbidden domains.  I want to give access to facebook.com to 1 user on the network.  How would I do this?
J Spoor, TME / Network Security Evangelist

Commented:
Create a separate policy for the user?
Either by his IP or username.
Philip Elder, Technical Architect - HA/Compute/Storage

Commented:
If AD integrated then set up a rule on the SW to allow that user to access the site via a whitelist that sits higher in the rule set than the blacklist.

If not AD integrated, then set a DHCP reservation in place for that user's PC, add a Network Address object using that IP, and set up a whitelist rule as per above and make sure it sits higher (lower number) in the rules list.
J Spoor, TME / Network Security Evangelist

Commented:
You can also use a MAC object to apply a policy to.
So no need for static DHCP.

Author

Commented:
So if I was to add a separate policy for an IP, would I add the user's IP address as "LAN Interface IP"?
TME / Network Security Evangelist
Commented:
You add an address object of type MAC with the MAC address of the user's PC. Then apply the policy to that object.
J Spoor, TME / Network Security Evangelist

Commented:
LAN Interface IP is a built-in object that contains the IP address of the SonicWall itself.

Author

Commented:
Is this the right area to set up a 2nd policy? Have not done this before. Where do I find MAC for address object?
Screen-Shot-2018-11-29-at-12.57.41-P.png
J Spoor, TME / Network Security Evangelist

Commented:
Source address would be the object to be created.

Go to Network > Address Objects, add a new one of type MAC.

Author

Commented:
OK. Also (and not sure if I need to open a new question for this or not), I need to open port 1935 on the firewall. What are the steps to do this?
J Spoor, TME / Network Security Evangelist

Commented:
What do you need the port for?
1935 is Adobe Flash Media Server, are you hosting that?
https://www.speedguide.net/port.php?port=1935

Unless you have restricted LAN to WAN firewall rules, you don't need to open any ports outbound.

Author

Commented:
It is an auction site which uses Flash that no one in the network can access. See screenshot.
Screen-Shot-2018-11-29-at-11.37.44-A.png
J Spoor, TME / Network Security Evangelist

Commented:
SonicWalls by default do not block outbound traffic.

But if you create a service object for TCP 1935, you can use that in a LAN to WAN firewall rule.
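
A small model of the rule ordering discussed in this thread, as an added example that is not part of the original posts and does not call any SonicWall API. It assumes first-match evaluation with lower priority numbers checked first and a default of allow; the MAC address and rule layouts are constructed. It also flags an exception rule that sits below the block it was meant to override.

```python
from dataclasses import dataclass

ANY = "*"  # wildcard for source or domain

@dataclass(frozen=True)
class Rule:
    priority: int  # lower number = evaluated first (assumption of this model)
    source: str    # value of a MAC address object, or ANY
    domain: str    # domain that also covers its subdomains, or ANY
    action: str    # "allow" or "block"

def _src_match(rule, mac):
    return rule.source == ANY or rule.source.lower() == mac.lower()

def _dom_match(rule, host):
    host = host.lower().rstrip(".")
    return rule.domain == ANY or host == rule.domain or host.endswith("." + rule.domain)

def decide(rules, mac, host, default="allow"):
    """Return (action, deciding_rule) using the first match in priority order."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if _src_match(rule, mac) and _dom_match(rule, host):
            return rule.action, rule
    return default, None

def shadowed_exceptions(rules):
    """Per-host allow rules that never fire because an earlier block covers them."""
    ordered = sorted(rules, key=lambda r: r.priority)
    found = []
    for i, rule in enumerate(ordered):
        if rule.action != "allow" or rule.source == ANY:
            continue
        for earlier in ordered[:i]:
            if (earlier.action == "block" and _src_match(earlier, rule.source)
                    and _dom_match(earlier, rule.domain)):
                found.append(rule)
                break
    return found

USER_MAC = "00:11:22:33:44:55"  # constructed sample MAC for the one permitted PC
# Exception above the block: only USER_MAC reaches facebook.com.
GOOD = [Rule(1, USER_MAC, "facebook.com", "allow"), Rule(2, ANY, "facebook.com", "block")]
# Exception below the block: the allow rule is dead and the user stays blocked.
BAD = [Rule(1, ANY, "facebook.com", "block"), Rule(2, USER_MAC, "facebook.com", "allow")]

if __name__ == "__main__":
    print(decide(GOOD, USER_MAC, "www.facebook.com")[0])
    print(decide(BAD, USER_MAC, "www.facebook.com")[0])
    print(shadowed_exceptions(BAD))
```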
