How can I block an IP address using access rules?

Description

This is a scenario based article where we will be blocking an IP address from accessing the WAN. Let us consider a computer on the LAN (192.168.168.200) from which you want to block any access to the WAN. An access rule is needed to block the same.

Resolution for SonicOS 7.X

This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.

 

Create an Address Object: 

  • Click  OBJECTS ,navigate to Match Objects | Addresses.
  • Click  Add button.
  • Configure the Address object as per screenshot given below.

    Image

 

 

Create an Access rule to block the device from accessing the Internet:

  • Navigate to Policy | Rules and Policies | Access Rules .
  • Click on matrix and select  From 'LAN' to 'WAN'.

    Image

  • You will see a default allow rule for all the services from LAN to WAN.
  • Click Add, which is present at the bottom right of the page.
  • Create an access rule as per the screenshot below with the action set to Deny.
  • Once done, Click Add to save the rule.

    Image

 

 

Resolution for SonicOS 6.5

This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.

 

Create an Address Object: 

  • Click  MANAGE ,navigate to Objects | Address Object.
  • Click  Add.
  • Configure the Address object as per the screenshot given below.
    Image

 

Create an Access rule to block the device from accessing the Internet:

  • Navigate to Rules | Access Rules.
  • Click on drop down and select  From 'LAN' to 'WAN'.
    Image
  • You will see a default allow rule for all the services from LAN to WAN.
  • Click Add.
  • Create an access rule as per the screenshot below with the action set to Deny.
  • Once done, Click Add to save the rule.
    Image

    NOTE: At this point, any access from the device 192.168.168.200 will be denied to the outside world. Similar procedure is followed if you want to block any access between the zones.

     



Resolution for SonicOS 6.2 and Below

The below resolution is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer we suggest to upgrade to the latest general release of SonicOS 6.5 firmware.

 

Create an Address Object

  • Navigate to Network | Address Object.
  • Click Custom Address Objects (radio button).
  • Click Add .
  • Configure the Address object as per the screenshot given below.
      Image 

Create an Access rule to block the device from accessing the Internet

  • Navigate to Firewall | Access Rules.
  • Click on drop down radio button.
  • From LAN to WAN.
  • You will see a default allow rule for all the services from LAN to WAN.
  • Click Add.
  • Create an access rule as per the screenshot below with the action set to Deny.
  • Once done, Click Add to save the rule.
     Image

    NOTE: At this point, any access from the device 192.168.168.200 will be denied to the outside world. Similar procedure is followed if you want to block any access between the zones.

Related Articles

  • SonicOS 8.1.0 FAQ
    Read More
  • SonicWall GEN8 TZs and GEN8 NSas Settings Migration
    Read More
  • Getting started with SonicWall firewalls
    Read More

Categories

Firewalls
NSa Series
Networking
Firewalls
NSv Series
Networking
Firewalls
TZ Series
Networking
not finding your answers?
Ask the Community