
September 23rd, 2013 21:00

SonicWALL: Allow 1 website and Block everything else by MAC and schedule

My client has asked me to set up this firewall rule on a SonicWALL TZ 105 for a group of specific MAC addresses. Could someone here please help me with this?


1. The group of MAC addresses needs to *ALWAYS* have access to the websites v2kclubconnect.com, google.com, and yahoo.com.

2. The group of MAC addresses needs to have unrestricted access to any websites for the hours 7:00am to 12:00noon.

3. The group of MAC addresses needs to be blocked from access to any websites for all other hours, except for the websites listed in item 1.


I don't want this to affect the other computers on the LAN, only the MAC addresses in the Address Object group.

I need how-to instructions for setting this up. I'm unsure whether this needs to be set up with CFS, Apps, or individual firewall rules.

Thanks very much,


September 23rd, 2013 22:00

scottkeen,

How many computers are you talking about? 

The people on these computers, do they have unrestricted rights?

What operating systems?

Rick


September 23rd, 2013 23:00

Rick,

2 computers

The users have User rights assigned to them, not Administrator.

1 computer is Windows XP Pro, 1 computer is Windows 7 Pro

I'd rather not use Family Safety rules on each computer. I'd rather set up access and blocking at the firewall level.

Thanks,


September 24th, 2013 10:00

scottkeen,

If both of the computers connect to the network, then it's set up correctly.

I would consider Mac Address Filtering. You find out the Mac Addresses of both the computers and tell your router to permit ONLY PC's listed. Doing this, if the person finds out the password, they still would connect to the router, but have no internet. This works great for blocking other wireless devices, like smart phones, making them use their data.

I have a Linksys, so you should have something similar on your system. Log in to your router. If you did not change the default password, I suggest you do this so no one can change your settings.

Click on wireless and look for wireless Mac Address Filtering; it's probably disabled. Click on enable. Then you should see something similar below. I then click on Permit only PC's listed to access the wireless network.

If you have a wireless printer, smartphone or other wireless devices, you will need to add these to the list. I click on edit Mac Filter List, then I see the Mac Addresses of some of the devices. If you have everything connected at the time you do this, you click on update Mac Address List and everything will show that is connected. If you need Mac Addresses from each system, you can always run an ipconfig /all log and the Mac address for the adapter will be listed. Smartphones and wireless printers usually have the Mac address listed.

Now for the blocking.

You should be able to see Access Restrictions. You can make a Policy and edit it to suit your needs.

Doing the above gives them access during the hours you mentioned. My router only controls blocking.

I work for a company that has an Internet Policy that we have to sign. Having them sign the Policy helps to control some problems. The problem with trying to block everything except the websites listed above is that if you know the correct IP Address, you can get past the keyword blocking. Example: if you put 31.13.69.80 in the address bar, you get to Facebook. Not sure you can allow only these websites, unless you use some type of parental controls on each system. Some routers have a white list and a black list to allow some access. I have the router firewall turned off at my home and use the firewall in the computer(s). I also have virus protection on each computer (Avast Free Edition). The XP system should have some type of third party firewall, since the XP firewall blocks incoming but not outgoing. If memory serves me correctly, I think Zone Alarm has some type of setting that you might be able to allow only those websites access, but it would not give full internet access.

Rick
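
The policy requested in the original post, written out as a decision function so the rule order and edge cases can be checked before building the firewall rules. This is an added example, not from the thread and not SonicWALL configuration; the MAC addresses are constructed placeholders, and treating 12:00 noon as the first blocked minute is an assumption.

```python
from datetime import time
import ipaddress

# Constructed sample values; the real MAC addresses are not given in the thread.
RESTRICTED_MACS = {"00:11:22:33:44:55", "00:11:22:33:44:66"}
ALWAYS_ALLOWED = ("v2kclubconnect.com", "google.com", "yahoo.com")
# Unrestricted window from item 2; end treated as exclusive (assumption).
OPEN_START, OPEN_END = time(7, 0), time(12, 0)


def normalize_mac(mac):
    """Lower-case and use ':' so 00-11-22-... and 00:11:22:... compare equal."""
    return mac.strip().lower().replace("-", ":")


def host_is_allowlisted(host):
    """Match a listed domain or a true subdomain, never a look-alike or an IP."""
    host = host.strip().lower().rstrip(".")
    try:
        ipaddress.ip_address(host)
        return False  # an IP literal is not a name on the allowlist
    except ValueError:
        pass
    return any(host == d or host.endswith("." + d) for d in ALWAYS_ALLOWED)


def decide(mac, host, now):
    """Return 'allow' or 'deny' for one web request; order mirrors items 1-3."""
    if normalize_mac(mac) not in RESTRICTED_MACS:
        return "allow"   # other computers on the LAN are unaffected
    if host_is_allowlisted(host):
        return "allow"   # item 1: always reachable
    if OPEN_START <= now < OPEN_END:
        return "allow"   # item 2: unrestricted 7:00am to 12:00 noon
    return "deny"        # item 3: everything else is blocked by default


if __name__ == "__main__":
    m = "00-11-22-33-44-55"
    for host, t in [("www.google.com", time(15, 0)), ("example.org", time(9, 0)),
                    ("example.org", time(12, 0)), ("notgoogle.com", time(15, 0)),
                    ("31.13.69.80", time(15, 0))]:
        print(f"{t} {host:<16} -> {decide(m, host, t)}")
```

Because the last rule is a default deny rather than a keyword block, a request made by bare IP address outside the open window is denied like any other unlisted destination.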
