Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 5 replies
  • Subscribers 4 subscribers
  • Views 2775 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

prevent access

AreshAreshi

Hi,

We want to block the access to our internal websites from some IP address, I did follow the suggestion of our good frind BAlfson and did this:

 

Create a new DNAT Rule and there create a group that has all IP's that must be blocked then use ANY for the services and use ANY for the going to (because the WAN port has multipal IP's) and for the destnation did create a network Host with IP that is not exsit.

right now the position of the rule is down the list at number 121, should we move the rule to the Top of the DNAT rules? or just leave it there at 121 position?

 

DNAT : {group of bad IPs} -> Any -> {group of WAN (Address) objects} : to {non-existent IP}



This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to sachingurung

    Hi sachingurung, 

    Thank you for the reply,

    Strange  enough I did not have to move the rule to the top of list and rule works, and access from IP is not possible.

    Is it possible to block the access to only some websites? e.i. we dont want some google robots to access some of our websites. can I block robots access to some websites and allow access to other websites?

     

    Thanks

  • 0 in reply to AreshAreshi

    You should be able to specify the remote address, ie the google robots you wish to block.

    Thanks

    Thanks, Duncan

  • 0 in reply to AreshAreshi

    In general, Sachin's suggestion is the usual way to do this and is a good habit to follow even though it's not always necessary to have the rule at the top.

    Please start a new thread for your new question, especially if it involves Webserver Protection.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to DuncanNewell

    Hi Duncan,

     

    Thank you for your reply,

     

    Yes you are right we can say from whitch IP address we dont want to have connection to our websites, but unfortunatly with DNAT you can not say ie the google bots can access some of our websites and not some other websites.

    Thanks

Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?

Unfiltered HTML