https://community.cisco.com/t5/network-security/sa520w-blocking-urls/m-p/1622633#M559615 <P>Hi everyone.</P><P></P><P>I purchased a SA520W for my company, and i have some probles for configuring firewall.</P><P></P><P>I want to deny access to facebook, youtube and twitter but not for 4 hosts which needs this websites for work.</P><P>I tried to configure content filtering &gt; blocking URLs but with this solution, I deny acces for all users.</P><P>So, I tried to make IP v4 rules :</P><P>The 4 hosts who may access to these websites are 192.168.50.124 to 127</P><P></P><P>Example :</P><P>FROM Zone : LAN</P><P>TO : WAN</P><P>Service : Any</P><P>Action: block always</P><P>Source hosts : 192.168.50.32 to 192.168.50.123</P><P>destination hosts : 66.220.158.11 (one of the facebook's ip)</P><P></P><P>but it does not work.</P><P></P><P>So, I am looking for an other solution, or maybe my rule is not correctly configured ?</P><P></P><P>Thanks for your support</P> Mon, 11 Mar 2019 20:09:03 GMT info-irfasud 2019-03-11T20:09:03Z https://community.cisco.com/t5/network-security/sa520w-blocking-urls/m-p/1622633#M559615 <P>Hi everyone.</P><P></P><P>I purchased a SA520W for my company, and i have some probles for configuring firewall.</P><P></P><P>I want to deny access to facebook, youtube and twitter but not for 4 hosts which needs this websites for work.</P><P>I tried to configure content filtering &gt; blocking URLs but with this solution, I deny acces for all users.</P><P>So, I tried to make IP v4 rules :</P><P>The 4 hosts who may access to these websites are 192.168.50.124 to 127</P><P></P><P>Example :</P><P>FROM Zone : LAN</P><P>TO : WAN</P><P>Service : Any</P><P>Action: block always</P><P>Source hosts : 192.168.50.32 to 192.168.50.123</P><P>destination hosts : 66.220.158.11 (one of the facebook's ip)</P><P></P><P>but it does not work.</P><P></P><P>So, I am looking for an other solution, or maybe my rule is not correctly configured ?</P><P></P><P>Thanks for your support</P> Mon, 11 Mar 2019 20:09:03 GMT https://community.cisco.com/t5/network-security/sa520w-blocking-urls/m-p/1622633#M559615 info-irfasud 2019-03-11T20:09:03Z https://community.cisco.com/t5/network-security/sa520w-blocking-urls/m-p/1622634#M559616 <HTML><HEAD></HEAD><BODY><P>Hi Jean,</P><P></P><P>I wanted to gather a few details on the tests you performed after configuring the rule you mentioned.</P><P>According to the rule, traffic is blocked from 192.168.50.32-123 to 66.220.158.11</P><P></P><P><SPAN>So the test should have been trying </SPAN><A class="jive-link-external-small" href="http://66.220.158.11">http://66.220.158.11</A><SPAN> on the browser of one of the systems in the blocked range, and one in the .124-127 range.</SPAN></P><P>Was it accessible from both PCs after configuring this rule, or blocked on both?</P></BODY></HTML> Sun, 20 Mar 2011 23:55:26 GMT https://community.cisco.com/t5/network-security/sa520w-blocking-urls/m-p/1622634#M559616 Shrikant Sundaresh 2011-03-20T23:55:26Z https://community.cisco.com/t5/network-security/sa520w-blocking-urls/m-p/1622635#M559617 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P><SPAN>after configuring the rule, when i try </SPAN><A class="jive-link-external-small" href="http://66.220.158.11">http://66.220.158.11</A><SPAN> on the browser of a system in the blocked range, it's possible to access this website. It's also possible with a system out of the range. So, it's accessible from both PC instead of just the PCs out of the range.</SPAN></P><P></P><P>Thank you Shrikant</P></BODY></HTML> Mon, 21 Mar 2011 14:50:09 GMT https://community.cisco.com/t5/network-security/sa520w-blocking-urls/m-p/1622635#M559617 info-irfasud 2011-03-21T14:50:09Z https://community.cisco.com/t5/network-security/sa520w-blocking-urls/m-p/1622636#M559618 <HTML><HEAD></HEAD><BODY><P>Hi Jean,</P><P></P><P>For a LAN-WAN rule, you also need to fill in the Source NAT settings. Kindly check if that has been done.</P><P>Once you've filled out the settings, please click on Apply and test from both machines again.</P><P></P><P>Secondly, can you edit the rule and allow logging for it, and check if any logs are generated when traffic goes through the device?</P><P>Please paste the logs, if any, in the next post.</P><P></P><P>Also, are there other rules configured between the LAN and WAN interfaces? Maybe one of those rules is getting hit, and thus the rule you've configured for facebook, never comes into play. You could move the facebook rule to the top, so that it is matched before the other rules.</P><P></P><P>Kindly let me know if there are any developments, after checking these 3 things.</P></BODY></HTML> Mon, 21 Mar 2011 15:24:44 GMT https://community.cisco.com/t5/network-security/sa520w-blocking-urls/m-p/1622636#M559618 Shrikant Sundaresh 2011-03-21T15:24:44Z https://community.cisco.com/t5/network-security/sa520w-blocking-urls/m-p/1622637#M559619 <HTML><HEAD></HEAD><BODY><P>hi</P><P>What do you mean by "you also need to fill in the Source NAT settings" ?</P><P></P><P>I tried to log the rule, but nothing appears in the log table.</P><P></P><P>The only other rule is a rule to alow RDP from WAN to LAN.</P><P></P><P>I attach a screenshot to this post.</P><P></P><P>I have to go and will be back on wednesday.</P><P></P><P>Thanks for your answers.</P></BODY></HTML> Mon, 21 Mar 2011 16:25:34 GMT https://community.cisco.com/t5/network-security/sa520w-blocking-urls/m-p/1622637#M559619 info-irfasud 2011-03-21T16:25:34Z https://community.cisco.com/t5/network-security/sa520w-blocking-urls/m-p/1622638#M559620 <HTML><HEAD></HEAD><BODY><P>Does someone have an idea ?</P></BODY></HTML> Thu, 24 Mar 2011 10:28:58 GMT https://community.cisco.com/t5/network-security/sa520w-blocking-urls/m-p/1622638#M559620 info-irfasud 2011-03-24T10:28:58Z