|
Title: Block specific clients from accessing the Web Post by: timoteob on Wednesday 23 February 2011, 02:26:12 am I want to block two clients from accessing the web using Endian.
I tried to create and outgoing firewall rule using the follow parameters: Source: IP address of clients Destination: Red Service: HTTP/80 Policy: Deny I was sure to apply the rule after creating it, however, the client can still access the web. Does anyone know how to block this type of traffic? Thank you in advance. Timoteo Title: Re: Block specific clients from accessing the Web Post by: jneundorf on Saturday 26 February 2011, 08:31:44 am This may be a dumb question, but have you checked that the rule you created is list ahead of any other rule that could be overriding it? I believe it's first rule wins.
Title: Re: Block specific clients from accessing the Web Post by: AussieBloke on Sunday 27 February 2011, 12:54:42 pm In addition to jneundorf.
Ensure the client computers use the same IP address. Either manually assign the IP or add it as a reservation. Be aware, the person using the computer can change the IP address and gain access to the internet. If you want to stop users from accessing the internet, use non transparent proxy. Title: Re: Block specific clients from accessing the Web Post by: timoteob on Wednesday 02 March 2011, 12:32:11 am jneundorf,
Thank you for replying. The rule I created was last; for some reason I thought the last rule takes precedence. I will try moving the rule to the top of the list and see if that makes a difference. AussieBloke, Thank you for the information, I checked Configuration tab under HTTP proxy setting and it is already set to "non-transparent proxy". Is there some thing else that I must do to get this to work? Timoteob Title: Re: Block specific clients from accessing the Web Post by: timoteob on Wednesday 22 June 2011, 02:23:18 am Ok, I figured out the solution to the problem. I am posting because I hate when these thread hang on with no solution. It seems as though you cannot block HTTP traffic using the out going firewall. You have to use the HTTP proxy server. Once I set up an access policy blocking web access for those clients everything worked fine.
Title: Re: Block specific clients from accessing the Web Post by: alex_t on Wednesday 22 June 2011, 10:16:45 pm Quote Source: HTTP/80 Are you sure, that it shouldn't be Dest: HTTP/80?Title: Re: Block specific clients from accessing the Web Post by: whoiam55 on Thursday 23 June 2011, 01:19:45 am You also need to block access from Firewall module.
Title: Re: Block specific clients from accessing the Web Post by: timoteob on Thursday 23 June 2011, 10:49:44 pm Quote Source: HTTP/80 Are you sure, that it shouldn't be Dest: HTTP/80?Ops, I made a typo, it should actually be Service: HTTP/80 Quote from: whoiam55 You also need to block access from Firewall module. Thank you for the input, but I am not sure if that is correct. I completely deleted my original outgoing firewall rule (the one from my first post) when I implemented the HTTP proxy solution and the clients are not able to access the web. Title: Re: Block specific clients from accessing the Web Post by: susantadutta84 on Friday 24 June 2011, 03:45:24 pm Do the folowing,
1) Create a outgoing firewall rule base on Source Type * MAC addresses of client computer because mac address is fixed for each computer. place the rule in first position. source - type mac - computer mac address destination type- red in protocol field - select TCP/80 for http traffic TCP/443 for https traffic TCP+UDP/53 - for dns traffic action - deny position - first |