Using firewall rules to block outbound Internet access to computers behind the SonicWall
Description
Using firewall Rules to block outbound Internet access to computers behind the SonicWall
Resolution for SonicOS 7.X
This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.
Internet access can be completely blocked by creating a DENY access rule from LAN to WAN on the SonicWall.
In this example, we are going to block outbound Internet access to computers behind the SonicWall.
Procedure
1. Login to your SonicWall management page and click on Policy tab on the top of the page.
2. Navigate to Rules and Policies | Access Rules page.
3. Click on "All Zones -> All Zones" and select From Zone LAN to Zone WAN.
4. Click on Add to get Add Rule Window. Create an access rule from LAN to WAN as below:
- Action: DENY
- Source Zone/Interface: LAN
- Address: ANY -
NOTE:You may block specific source IP addresses by specifying an appropriate host, network, range or group address object instead of "ANY". - Port/Services: ANY
- Destination Zone/Interface: WAN
- Port/Services: ANY
5. Click on Add.
Resolution for SonicOS 6.5
This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.
Internet access can be completely blocked by creating a DENY access rule from LAN to WAN on the SonicWall.
In this example, we are going to block a computer with IP 192.168.168.2. Created Address Object for IP 192.168.168.2 with name as "My PC"
Procedure
- Login to your SonicWall management page and click Manage tab on top of the page.
- Navigate to Rules |Access Rules page. On right side, click Matrix button to get Choose Zones window.
- Click '->' from LAN to WAN as below.
- Click Add button to get Add Rule Window. Create an Access Rule From LAN To WAN zone as below.
- Action: DENY
- From Zone: LAN
- To Zone: WAN
- Service: ANY
- Source: ANY - NOTE:You may block specific source IP addresses by specifying an appropriate host, network, range or group address object instead of "ANY".
- Destination: ANY
- Users Allowed: ALL
- Schedule: ALWAYS ON
- Comment: Enter an appropriate description in the comment field.
- Click ADD button to save settings as below.
Resolution for SonicOS 6.2 and Below
The below resolution is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer we suggest to upgrade to the latest general release of SonicOS 6.5 firmware.
Internet access can be completely blocked by creating a DENY access rule from LAN to WAN on the SonicWall.
Firmware 6.x:
- Select Access | Rules.
- Click Add.
- Create the following rule:
- Action: DENY
- Service: ANY
- Source: LAN / DMZ (the range of IP addresses to which you wish to block access). NOTE: The [*] indicates that all the computers behind the selected Interface will be blocked.
- Destination: WAN. [*]
- Enter an appropriate description in the comment field.
- Click OK.
SonicOS Standard:
- Select Firewall |Access Rules.
- Click Add.
- Create the following rule:
- Action: DENY
- Service: ANY
- Source: LAN / DMZ (the range of IP addresses to which you wish to block access). NOTE: The [*] indicates that all the computers behind the selected Interface will be blocked.
- Destination: WAN. [*]
- Enter an appropriate description in the comment field.
- Click OK.
SonicOS Enhanced:
- Select Firewall | Access Rules.
- Select LAN > WAN from the matrix.
- Click Add.
- Create the following rule:
- Action: DENY
- From Zone: LAN
- To Zone: WAN
- Service: ANY
- Source: ANY - NOTE:You may block specific source IP addresses by specifying an appropriate host, network, range or group address object instead of "ANY".
- Destination: ANY
- Users Allowed: ALL
- Schedule: ALWAYS ON
- Enter an appropriate description in the comment field.
- Click OK.