03-18-2011 03:58 AM - edited 03-11-2019 01:09 PM
Hi everyone.
I purchased an SA520W for my company, and I have some problems configuring the firewall.
I want to deny access to Facebook, YouTube and Twitter, but not for 4 hosts which need these websites for work.
I tried to configure content filtering > blocking URLs, but with this solution I deny access for all users.
So, I tried to make IPv4 rules:
The 4 hosts that may access these websites are 192.168.50.124 to 127.
Example:
From Zone: LAN
To: WAN
Service: Any
Action: Block always
Source hosts: 192.168.50.32 to 192.168.50.123
Destination hosts: 66.220.158.11 (one of Facebook's IPs)
But it does not work.
So, I am looking for another solution, or maybe my rule is not correctly configured?
Thanks for your support
03-20-2011 04:55 PM
Hi Jean,
I wanted to gather a few details on the tests you performed after configuring the rule you mentioned.
According to the rule, traffic is blocked from 192.168.50.32-123 to 66.220.158.11
So the test should have been trying http://66.220.158.11 on the browser of one of the systems in the blocked range, and one in the .124-127 range.
Was it accessible from both PCs after configuring this rule, or blocked on both?
03-21-2011 07:50 AM
Hi,
After configuring the rule, when I try http://66.220.158.11 in the browser of a system in the blocked range, it's possible to access this website. It's also possible with a system outside the range. So, it's accessible from both PCs instead of just the PCs outside the range.
Thank you Shrikant
03-21-2011 08:24 AM
Hi Jean,
For a LAN-WAN rule, you also need to fill in the Source NAT settings. Kindly check if that has been done.
Once you've filled out the settings, please click on Apply and test from both machines again.
Secondly, can you edit the rule and allow logging for it, and check if any logs are generated when traffic goes through the device?
Please paste the logs, if any, in the next post.
Also, are there other rules configured between the LAN and WAN interfaces? Maybe one of those rules is getting hit, and thus the rule you've configured for Facebook never comes into play. You could move the Facebook rule to the top, so that it is matched before the other rules.
Kindly let me know if there are any developments, after checking these 3 things.
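The rule-order check suggested in the reply above, as an added example that is not part of the original thread and is not SA520W firmware logic: a generic first-match evaluator run against the rule from the first post. The broader `allow-lan-any` rule, the default-allow outbound policy and the address 203.0.113.10 are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    name: str
    src_first: str
    src_last: str
    dst_first: str
    dst_last: str
    action: str  # "block" or "allow"

    def matches(self, src, dst):
        ip = ipaddress.ip_address
        return (ip(self.src_first) <= ip(src) <= ip(self.src_last)
                and ip(self.dst_first) <= ip(dst) <= ip(self.dst_last))

def evaluate(rules, src, dst, default="allow"):
    """Walk the table top to bottom; the first matching rule decides."""
    for rule in rules:
        if rule.matches(src, dst):
            return rule.action, rule.name
    # Assumption: nothing matched, so the default outbound policy applies.
    return default, "default outbound policy"

# The rule as described in the first post.
BLOCK_FB = Rule("block-facebook", "192.168.50.32", "192.168.50.123",
                "66.220.158.11", "66.220.158.11", "block")
# Hypothetical broader rule, used only to show the ordering effect.
ALLOW_LAN = Rule("allow-lan-any", "192.168.50.1", "192.168.50.254",
                 "0.0.0.0", "255.255.255.255", "allow")

def demo():
    fb = "66.220.158.11"
    return {
        "restricted_host": evaluate([BLOCK_FB], "192.168.50.50", fb),
        "exempt_host": evaluate([BLOCK_FB], "192.168.50.125", fb),
        # A broader rule placed above the block rule shadows it.
        "shadowed": evaluate([ALLOW_LAN, BLOCK_FB], "192.168.50.50", fb),
        "block_on_top": evaluate([BLOCK_FB, ALLOW_LAN], "192.168.50.50", fb),
        # Constructed destination: any address other than the pinned one.
        "other_dst": evaluate([BLOCK_FB], "192.168.50.50", "203.0.113.10"),
    }

if __name__ == "__main__":
    for case, (action, rule) in demo().items():
        print(f"{case:16} -> {action:5} ({rule})")
```

The `other_dst` case shows why a rule pinned to a single destination address leaves every other address of the same site reachable.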
03-21-2011 09:25 AM
Hi,
What do you mean by "you also need to fill in the Source NAT settings"?
I tried to log the rule, but nothing appears in the log table.
The only other rule is a rule to allow RDP from WAN to LAN.
I attach a screenshot to this post.
I have to go and will be back on Wednesday.
Thanks for your answers.
03-24-2011 03:28 AM
Does someone have an idea?