How would I block one machine from going on to the internet?

Description

How would I block one machine from going on to the internet?

Resolution

 


Procedure:

Content filtering via the user and zone screens is a common way to control which sites can be accessed, but the default policy must be the most restrictive policy you have. This means that if CFS were used to block a single machine from going to the internet, the default policy would have to block everything, and additional permissions would then need to be applied to every other device on the network that has internet access and content filtering applied to it.

A better method is to use firewall access rules to block the HTTP and HTTPS services for that machine when it attempts to access the WAN.
This can be done under Firewall > Access Rules by creating a rule with the following parameters:

Action: Deny
From: LAN (if the machine is in the LAN)
To: WAN
Source Port: Any (only available in 5.9 or 6.2 and above)
Service: HTTP, HTTPS (a group object that includes both services)
Source: (The machine being blocked)
Destination: Any
Users: Any
Schedule: Always On

Note: This does not block the use of a proxy site that allows HTTP connections via an alternate port, such as 8080. If this is necessary, additional ports can be blocked, or the service can be set to "ANY" to block all traffic.
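
The gap described in the note can be checked with a small rule-evaluation model that compares the HTTP/HTTPS service group against Service "ANY". This is an added example, not SonicWall code; the host addresses, the first-match rule ordering and the existing LAN > WAN allow rule are assumptions made for the illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address

# Simplified model of priority-ordered access rules (first match wins).
# Not SonicOS code: the addresses and the LAN > WAN allow rule are assumptions.
BLOCKED_HOST = ip_address("192.168.1.50")            # constructed sample address
HTTP_HTTPS = frozenset({("tcp", 80), ("tcp", 443)})  # the "HTTP, HTTPS" service group
ANY = None                                           # wildcard for source or service

@dataclass(frozen=True)
class Rule:
    action: str       # "deny" or "allow"
    source: object    # an IP address, or ANY
    services: object  # frozenset of (protocol, destination port), or ANY

    def matches(self, src, proto, dport):
        src_ok = self.source is ANY or self.source == src
        svc_ok = self.services is ANY or (proto, dport) in self.services
        return src_ok and svc_ok

def evaluate(rules, src, proto, dport):
    """Return the action of the first LAN > WAN rule that matches the flow."""
    src = ip_address(src)
    for rule in rules:
        if rule.matches(src, proto, dport):
            return rule.action
    return "deny"  # nothing matched: implicit deny

ALLOW_LAN_TO_WAN = Rule("allow", ANY, ANY)  # assumed existing allow rule
WEB_ONLY = [Rule("deny", BLOCKED_HOST, HTTP_HTTPS), ALLOW_LAN_TO_WAN]
ALL_TRAFFIC = [Rule("deny", BLOCKED_HOST, ANY), ALLOW_LAN_TO_WAN]

# Constructed sample flows: (source, protocol, destination port)
FLOWS = [
    ("192.168.1.50", "tcp", 80),    # HTTP from the blocked machine
    ("192.168.1.50", "tcp", 443),   # HTTPS from the blocked machine
    ("192.168.1.50", "tcp", 8080),  # proxy on an alternate port
    ("192.168.1.50", "udp", 53),    # DNS lookup from the blocked machine
    ("192.168.1.51", "tcp", 443),   # a different LAN machine
]

def report(rules):
    """Map each sample flow to the action the rule set takes on it."""
    return {flow: evaluate(rules, *flow) for flow in FLOWS}

if __name__ == "__main__":
    for name, rules in (("Service: HTTP, HTTPS", WEB_ONLY), ("Service: Any", ALL_TRAFFIC)):
        print(name)
        for flow, action in report(rules).items():
            print("   ", flow, "->", action)
```

With the service group, only ports 80 and 443 from the blocked machine are denied; with Service "ANY", every flow from that machine is denied while other LAN machines are unaffected.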
