Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 5 replies
  • Subscribers 4 subscribers
  • Views 2775 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

prevent access

AreshAreshi

Hi,

We want to block the access to our internal websites from some IP address, I did follow the suggestion of our good frind BAlfson and did this:

 

Create a new DNAT Rule and there create a group that has all IP's that must be blocked then use ANY for the services and use ANY for the going to (because the WAN port has multipal IP's) and for the destnation did create a network Host with IP that is not exsit.

right now the position of the rule is down the list at number 121, should we move the rule to the Top of the DNAT rules? or just leave it there at 121 position?

 

DNAT : {group of bad IPs} -> Any -> {group of WAN (Address) objects} : to {non-existent IP}



This thread was automatically locked due to age.
Parents
  • +1

    Hi Aresh,

    Move the DNAT rule to blackhole connections on TOP. This is required as the UTM fill follow a TOP-BOTTOM approach.

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • 0 in reply to sachingurung

    Hi sachingurung, 

    Thank you for the reply,

    Strange  enough I did not have to move the rule to the top of list and rule works, and access from IP is not possible.

    Is it possible to block the access to only some websites? e.i. we dont want some google robots to access some of our websites. can I block robots access to some websites and allow access to other websites?

     

    Thanks

Reply
  • 0 in reply to sachingurung

    Hi sachingurung, 

    Thank you for the reply,

    Strange  enough I did not have to move the rule to the top of list and rule works, and access from IP is not possible.

    Is it possible to block the access to only some websites? e.i. we dont want some google robots to access some of our websites. can I block robots access to some websites and allow access to other websites?

     

    Thanks

Children
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?

Unfiltered HTML