Limit IPs in and out
Sorry for the somewhat low-IQ question, but I am so new to WatchGuard and someone else set it up for us.
I have some employees using their PCs to access Facebook and other sites, and want them only to have access to certain IP addresses. But I have some employees that should have access to anything they want. Where do I set up rules that will allow me to set up something like this? Best case would be blocking everything and adding rules that would allow each IP access to what I choose.
I also want to make it so I must manually enter a machine's IP address in order for it to join the network.
Please remember I am not great with the ways of WatchGuard yet, so some sort of link to an exact tutorial would be great.
Thanks
Toddvg
Comments
You will have 1 or more outgoing policies in your config.
These are normally To: Any-external or To: Any
These are the ones that you initially want to address.
The From: fields on these outgoing policies identify the IP addrs/subnets/firewall interfaces from which packets will be allowed.
Most often, the From: field will be Any-trusted or Any
1) want them only to have access to certain IP addresses - you would need to add 1 or more policies, such as HTTP & HTTPS policies To: the desired IP addrs, From: the IP addrs that you want to allow.
You can create an Alias entry and have the list of To: IP addrs, and another Alias entry with the list of From: IP addrs. This is easier than adding all the IP addrs to each policy.
2) I also want to make it so I must manually enter a machine's IP address in order for it to join the network - create an Alias entry with all the allowed IP addrs, and use that in the From: field for your existing outgoing policies.
Many organisations find it too hard to provide and manage access to services like Facebook, so they adopt a policy of limited access, which can be enforced on the Firebox by using the Quota option. This allows you to limit by time and/or a download limit. See https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/policies/quota_about_c.html?tocpath=Fireware|Fireware Help|Control Network Traffic|Policies|About Quotas|_____0
It is also very useful if you have teenagers in the house, who are easily distracted by the Internet.
Adrian from Australia
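The policy layout described in the comments above (a From: alias of restricted PCs allowed only HTTP/HTTPS To: an alias of permitted sites, a From: alias of full-access PCs allowed To: Any, everything else dropped) can be checked on paper before touching the Firebox. The following Python model is an added example, not WatchGuard code or configuration; the alias names, policy names and IP addresses are constructed, and the first-match evaluation is a simplifying assumption.

```python
import ipaddress

# Constructed sample aliases (assumptions, not values from the thread).
ALIASES = {
    "Restricted-PCs": ["10.0.1.20", "10.0.1.21"],
    "Full-Access-PCs": ["10.0.1.10"],
    "Allowed-Sites": ["203.0.113.10", "198.51.100.0/24"],
    "Any": ["0.0.0.0/0"],
}

# Each policy: (name, From alias, To alias, allowed TCP ports or None for any port).
POLICIES = [
    ("HTTP-HTTPS-Restricted", "Restricted-PCs", "Allowed-Sites", {80, 443}),
    ("Outgoing-Full", "Full-Access-PCs", "Any", None),
]


def in_alias(ip, alias):
    """True if ip falls inside any address or subnet listed in the alias."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(m, strict=False) for m in ALIASES[alias])


def evaluate(src, dst, port):
    """Return the name of the first policy that allows the connection, else None."""
    for name, frm, to, ports in POLICIES:
        if in_alias(src, frm) and in_alias(dst, to) and (ports is None or port in ports):
            return name
    return None  # no policy matched: the model drops the traffic


def from_aliases(src):
    """From: aliases that contain src. An empty list means the machine was never
    entered and gets no outbound access; more than one means overlapping lists."""
    return sorted({frm for _, frm, _, _ in POLICIES if in_alias(src, frm)})


if __name__ == "__main__":
    # Constructed test connections: (source PC, destination, TCP port).
    for src, dst, port in [
        ("10.0.1.20", "203.0.113.10", 443),   # restricted PC, permitted site
        ("10.0.1.20", "93.184.216.34", 443),  # restricted PC, other site
        ("10.0.1.10", "93.184.216.34", 22),   # full-access PC
        ("10.0.1.99", "203.0.113.10", 443),   # machine not entered in any alias
    ]:
        print(src, "->", dst, port, ":", evaluate(src, dst, port) or "DENIED")
```

Running `from_aliases` over every address in the DHCP range shows which machines would lose access and whether any restricted PC also sits in the full-access list.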