Isolate VLAN from all but 1 domain

I've got a Firebox T20 that I have 3 VLANs set up on, and I need one of them to be isolated such that it is only able to access a single domain, including any subdomains or additional folders in that domain.

I don't see any options to do so within the Fireware Web UI. The only options available to me are IP address and IP address ranges, which don't help my use case.

I'm relatively new to all of this so bear with me if this is a dumb question with an obvious solution.

Comments

  • Ok, so I found the option to put in a domain name instead of an IP address; it is under "FQDN". I saw the option previously, I just didn't click that it was for domain names.

    But when I try to set my VLAN to allow access to that domain name, it does not work. If I set it to allow all external traffic, it works fine, but if I set a specific domain or IP address it doesn't allow me to access it.

    This is how I have the policy setup:

    But when I save, I am not able to access any website, OR the ones I specifically set up.

    I've also excluded this VLAN from my "Outgoing" policy so that it isn't allowed any outgoing traffic except for anything that goes into this isolated policy.

  • My other policies are pretty much default except for Outgoing, which I have limited to only allow my VLANs and trusted security types (VLANs are all set up as "custom" security type).

  • edited January 20

    You also need to allow DNS from this VLAN.

    Check Traffic Monitor and look for denies from this VLAN to see what is being prevented. Then decide if those accesses are needed or not.
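    A toy model of the situation in this thread, added here as an example and not taken from the posts or from WatchGuard: it evaluates a first-match policy set for an isolated VLAN and shows that an FQDN allow rule on its own leaves every connection denied until DNS (port 53) from that VLAN is also allowed, while recording the denies the way one would look for them in Traffic Monitor. The rule format, VLAN names, addresses, name table and deny-log lines are all constructed.

```python
from dataclasses import dataclass, field
DNS_SERVER = "10.0.0.53"   # constructed resolver address
# Constructed name->address table standing in for the resolver's answers.
DNS_TABLE = {"example.com": "93.184.216.34", "www.example.com": "93.184.216.34",
             "other.test": "198.51.100.7"}

@dataclass
class Rule:
    name: str
    action: str          # "allow" or "deny"
    src: str             # source VLAN name, or "any"
    dst: set             # IPs and/or FQDN patterns such as "*.example.com"
    ports: set           # destination ports, or {"any"}

    def dst_matches(self, ip, dns_table):
        for entry in self.dst:
            if entry in ("any", ip):
                return True
            # FQDN entry: match the addresses the firewall knows the name resolves to.
            # Toy convention: "*.example.com" covers the apex and every subdomain.
            base = entry[2:] if entry.startswith("*.") else entry
            if any(a == ip and (n == base or n.endswith("." + base))
                   for n, a in dns_table.items()):
                return True
        return False

@dataclass
class PolicySet:
    rules: list
    denies: list = field(default_factory=list)   # stand-in for Traffic Monitor

    def evaluate(self, vlan, ip, port):
        """First matching rule wins; anything unmatched is denied and logged."""
        for r in self.rules:
            if (r.src in ("any", vlan) and r.dst_matches(ip, DNS_TABLE)
                    and ("any" in r.ports or port in r.ports)):
                return r.action
        self.denies.append(f"Deny {vlan} -> {ip}:{port} (no matching policy)")
        return "deny"

def client_connect(policy, vlan, hostname, port):
    """A client on `vlan` has to resolve the name before it can connect at all."""
    if policy.evaluate(vlan, DNS_SERVER, 53) != "allow":
        return "dns-denied"
    ip = DNS_TABLE.get(hostname)
    return policy.evaluate(vlan, ip, port) if ip else "nxdomain"

ONLY_FQDN = [Rule("Isolated-Web", "allow", "vlan_iso", {"*.example.com"}, {80, 443})]
WITH_DNS = [Rule("Isolated-DNS", "allow", "vlan_iso", {DNS_SERVER}, {53})] + ONLY_FQDN
```

    Running `client_connect(PolicySet(ONLY_FQDN), "vlan_iso", "www.example.com", 443)` returns "dns-denied" and leaves a port 53 deny in `denies`; the same call against `PolicySet(WITH_DNS)` returns "allow".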
