domain access control using sonicwall utm
8/6/2019 Domain Access Control Using SonicWALL UTM
http://slidepdf.com/reader/full/domain-access-control-using-sonicwall-utm 1/8
UTM/Firewall/VPN
Domain (FQDN) Access Control Using SonicWALL UTM
Introduction
This technote describes how to set up user access to domain names (fully qualified domain names) through a firewall policy (preferred) or content management policy with SonicOS Enhanced. This article is intended as a supplement. For
complete information on configuring firewall and content management policy, please refer to the SonicOS admin guide.
Even though a firewall rule method is more difficult to configure than the content management method, it provides several
advantages including: granular control of users, IP protocol, TCP port, bandwidth shaping, more informative logging, and
simplified management.
Reference:
Single sign on feature module
SonicOS enhanced admin guide
Recommended Versions
SonicOS Enhanced 3.5.0.0 or newer
Caution: If using the firewall rule method, no block page explaining why the user cannot access the site will be displayed.
Use of forbidden domains within Content Filter Service (CFS), as described in option two, does not allow for privileged users to gain access to blocked domains.
Procedure
Option One: Access Control Through Firewall Policy and the FQDN Address Object
For complete information on configuring firewall access rules refer to the SonicOS enhanced admin guide part 5: Firewall.
In this example I will use a sample configuration that blocks everyone but the active directory users group “demo group”
from accessing “mydomain.com”.
Step 1: Creating an Address Object
1a: Direct your web browser to Network > Address Objects >Add
1b: In the add address object pop up box:
1c: Enter a friendly name
1d: Select “Zone Assignment:” WAN
1e: Enter the Fully Qualified Domain Name: (for example: Mydomain.com)
1f: Click Add
Note: Wildcards are supported.
Repeat as necessary for all domain names you intend to control.
Step 2: Creating an Address Object Group
2a: Direct your web browser to Network > Address Objects > Add Group
In the add address object group pop up box:
2b: Enter a friendly name
2c: Select the appropriate address objects (shift or control+click to select multiple)
2d: Click OK
Step 3: Creating a Deny Firewall Rule
3a: Direct your browser to Firewall > Access Rules
3b: Check “View Style: Drop-down Boxes”
3c: Choose “From Zone:” LAN and “To Zone:” WAN
3d: Click “OK”
3e: Click “ADD”
3f: Choose “Service: Create a new service group” in the “Add Firewall Rule” pop-up
3h: Enter a friendly name for the service group in the “Create New Address Object Group” pop-up
3i: Select HTTP and HTTPS
3j: Click OK
3k: Select the “Action: Deny” in the “Add Firewall Rule” pop-up
3l: Select “Source: Any”
3m: Select “Destination: Blocked Domains”
3n: Click ADD
Note: This will prevent all users from accessing the domains Mydomain.com and Myotherdomain.com. The next step
shows how to allow a list of privileged users.
Step 4 (optional): Creating an Allow Rule for Specific Users
4a: Direct your web browser to Firewall > Access Rules
4b: Check “View Style: Drop-down Boxes”
4c: Choose “From Zone:” LAN and “To Zone:” WAN
4d: Click “OK”
4e: Click “ADD”
4f: Select the “Action: Allow” in the “Add Firewall Rule” pop-up (this is default)
4h: Select “Source: Any”
4i: Select “Destination: Blocked Domains”
4j: Select “Users Allowed: your user or user group”
4k: Click ADD
Note: User management, including Single Sign On with Active Directory, is covered in the Enhanced Firmware
Admin guide and the Single Sign on Feature Module.
Option Two: Access Control Through the Forbidden Domains Option Within the Content Management Security Service
Note: A license for content management is recommended but not required for use of this feature.
Step 1: Configuring CFS Forbidden Domains
1a: Direct your web browser to Security Services > Content Filter
1b: Select SonicWALL CFS from the drop-down (default)
1c: Click Configure
1d: Select the “Custom List” tab
1e: Click the “Add” button from below the “Forbidden Domains” box
1f: Enter the domain name you wish to block in the “Add a Forbidden Domain Entry” pop up box
1g: Click “OK”
Note: CFS will block any child domain below the parent specified. For example, www.mydomain.com will be blocked if mydomain.com is specified.
Checking Your Configuration
Log out of the SonicWALL and direct your web browser to any blocked domain. If you have chosen the CFS Forbidden
Domains option, a block page should be displayed:
Note: It is important that you log out of the management interface before testing. The test can also be performed
from another computer.
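The access decisions the two options above should produce, written as a hostname-level model for drawing up a test matrix before checking from a browser. This is an added example, not SonicWALL code; the wildcard semantics, the rule order (allow evaluated before deny) and the default allow for traffic that matches neither rule are assumptions.

```python
from fnmatch import fnmatchcase

HTTP_SERVICES = {80, 443}  # HTTP and HTTPS, the service group from step 3i


def _norm(name):
    # DNS names are case-insensitive; drop a trailing root dot.
    return name.lower().rstrip(".")


def fqdn_object_matches(pattern, host):
    # Assumption: a wildcard object such as *.mydomain.com covers child
    # names only, so the bare parent needs its own address object.
    return fnmatchcase(_norm(host), _norm(pattern))


def cfs_forbidden_matches(parent, host):
    # CFS blocks the parent and every child below it, matched on a label
    # boundary so that notmydomain.com is not caught by mydomain.com.
    host, parent = _norm(host), _norm(parent)
    return host == parent or host.endswith("." + parent)


def firewall_outcome(host, port, user_groups, blocked_group, allowed_group):
    # Option One. Assumptions: the allow rule for the privileged group is
    # evaluated before the deny rule, and unmatched traffic is allowed.
    hit = port in HTTP_SERVICES and any(
        fqdn_object_matches(p, host) for p in blocked_group)
    if not hit or allowed_group in user_groups:
        return "allow"
    return "drop (no block page)"


def cfs_outcome(host, forbidden_domains):
    # Option Two. No per-user exception exists, so user groups are ignored.
    if any(cfs_forbidden_matches(d, host) for d in forbidden_domains):
        return "block page"
    return "allow"


# Constructed sample policy using the names from the walkthrough.
BLOCKED_DOMAINS = ["Mydomain.com", "*.mydomain.com", "Myotherdomain.com"]
FORBIDDEN = ["mydomain.com"]

if __name__ == "__main__":
    for host in ("mydomain.com", "www.mydomain.com", "notmydomain.com"):
        for groups in (set(), {"demo group"}):
            print(host, sorted(groups),
                  firewall_outcome(host, 443, groups, BLOCKED_DOMAINS, "demo group"),
                  cfs_outcome(host, FORBIDDEN), sep=" | ")
```

Each row of the printed matrix is one browser test to run from a LAN client after logging out of the management interface.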