
Firewall Network access rules


Duner
Member, joined Jun 6, 2003, location Canada
Firewall Network access rules SOLVED

Ok, a total noob here needing some help again with setting up access rules for our firewall.

The background is this. We're in an office and some of our staff are using the computers inappropriately. Yes, I was surprised to hear this too :rolleyes:. They really only need access to 1 site so I thought it would be easy to set up.

We have a Sonicwall TZ170.

In the access rules, I had set up 2 rules.
1) allow access to this 1 site.
2) deny access to the WAN

In the access rules table, the allow rule is above the deny rule so I thought it would have priority and allow access to that 1 site while denying all other WAN access. I was wrong.

Help is appreciated.
 
What happens when you have that rule set up; is all traffic allowed or denied? Are you trying to resolve the site by name or by IP address, and does the Sonicwall know how to resolve those addresses (e.g. is DNS set up in the device)? If you could post a screenshot as well that would be appreciated.
 
Couldn't you set it up so it denies access to * and make an exception to allow whatever sites you want? I have no experience with a Sonic Wall except how to identify one (our product doesn't play nice with them).
 
Couldn't you set it up so it denies access to * and make an exception to allow whatever sites you want? I have no experience with a Sonic Wall except how to identify one (our product doesn't play nice with them).
A lot of SOHO devices process their rules from the top > down. If his rules are using hostnames/FQDN then the firewall must be able to resolve the address. I bet that the problem is the Sonicwall can't resolve the name (missing/invalid DNS servers) so it cannot apply the policy. Granted, my experience comes from converting the configs to Juniper firewalls, but I guess we'll see.
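A small, constructed model of the top-down, first-match evaluation described in this reply (example code added here, not from the thread or from Sonicwall): it shows the intended allow-then-deny order working when the destination object is an IP address, the same two rules denying everything when their order is reversed, and an FQDN the firewall cannot resolve never matching, so that traffic falls through to the deny rule. The IP addresses and the resolver table are made up.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed, simplified model of a top-down, first-match access-rule table.
# Addresses are from the RFC 5737 documentation ranges; the resolver table
# stands in for whatever DNS servers the firewall itself is configured with.
RESOLVER = {"intranet.example.com": "203.0.113.10"}


@dataclass
class Rule:
    action: str   # "allow" or "deny"
    dst: str      # destination object: IP, CIDR, FQDN, or "any" (the whole WAN)


def resolve(obj: str) -> Optional[ipaddress.IPv4Network]:
    """Turn an address object into a network; None if an FQDN cannot be resolved."""
    if obj == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    try:
        return ipaddress.ip_network(obj, strict=False)   # plain IP or CIDR
    except ValueError:
        ip = RESOLVER.get(obj)                            # treat it as an FQDN
        return ipaddress.ip_network(ip) if ip else None


def evaluate(rules, dst_ip: str, default: str = "deny") -> str:
    """First rule whose destination object matches wins; unresolved objects never match."""
    ip = ipaddress.ip_address(dst_ip)
    for rule in rules:
        net = resolve(rule.dst)
        if net is not None and ip in net:
            return rule.action
    return default


SITE = "203.0.113.10"    # the one site staff are allowed to reach (constructed)
OTHER = "198.51.100.7"   # any other WAN host (constructed)

good = [Rule("allow", SITE), Rule("deny", "any")]            # allow above deny-all
reversed_order = [Rule("deny", "any"), Rule("allow", SITE)]  # deny-all shadows the allow
unresolved = [Rule("allow", "portal.example.net"), Rule("deny", "any")]  # name not in RESOLVER

if __name__ == "__main__":
    print(evaluate(good, SITE), evaluate(good, OTHER))                      # allow deny
    print(evaluate(reversed_order, SITE), evaluate(reversed_order, OTHER))  # deny deny
    print(evaluate(unresolved, SITE), evaluate(unresolved, OTHER))          # deny deny
```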
 
What happens when you have that rule set up; is all traffic allowed or denied? Are you trying to resolve the site by name or by IP address, and does the Sonicwall know how to resolve those address (e.g. is DNS set up in the device)? If you could post a screenshot as well that would be appreciated.

When the rules are in place, all traffic is denied. I'm using IP addresses not names.

Couldn't you set it up so it denies access to * and make an exception to allow whatever sites you want?

That's what I did, but the exception isn't taking and I'm denied access to all.

A lot of SOHO devices process their rules from the top > down.

Yep, that's what the firewall says. Top > down in priority. Despite the allow rule being above the deny rule, it denies all.

Will post a screenshot as soon as I can.
 
Do you have your address object entries correct (source address and destination address)? Can you log the policy and see if anything is hitting it?
 
Ok, I can't explain this.

If I enter the deny rule first, then the allow rule, everything works fine.
If I enter the allow rule first, then the deny rule, everything is denied.

Even though the top/down order is the same, for some reason I need to enter it in that order. Maybe a firewall reboot would have worked as well after making the changes. I don't know. Either way, I have access to the 1 site now, while everything else is blocked.

Thanks for the input guys.
 