Limit IP's in and out
Sorry for the some what low IQ Question but I am so new to WatchGuard and someone else set it up for us.
I have some employees using their pc's to access Facebook and other sites, and want them only to have access to certain IP addresses. But I have some employees that should have access to anything they want. Where do I set up rules that will allow me to setup something like this. Best case would be blocking everything and adding rules that would allow each ip access to what I choose.
I also want to make it so I must manually enter a machines IP address in order for it to join the network
Please remember I am not great with the ways of WatchGuard yet, so some sort of link to an exact tutorial would be great
Sign In to comment.
You will have 1 or more outgoing policies in your config.
These are normally To: Any-external or To: Any
These are the ones that you initially want to address.
The From: fields on these outgoing policies identifies from the IP addrs/subnets/firewall interfaces that packets will be allowed.
Most often, the From: field will be Any-trusted or Any
1) want them only to have access to certain IP addresses - you would need to add 1 or more policies, such as HTTP & HTTPS policies To: the desired IP addrs, From: the IP addrs that you want to allow.
You can create an Alias entry and have the list of To: IP addrs, and another Alias entry with the list of From: IP addrs. This is easier than adding all the IP addrs to each policy.
2) I also want to make it so I must manually enter a machines IP address in order for it to join the network - create an Alias entry with all the allowed IP addrs, and use that in the From: field for your existing outgoing policies.
Many organisations find it too hard to provide and manage access to services like Facebook, so they adopt a policy of limited access, which can be enforced on the Firebox by using the Quota option. This allows you to limit by time and/or a download limit. See https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/policies/quota_about_c.html?tocpath=Fireware|Fireware Help|Control Network Traffic|Policies|About Quotas|_____0
It is also very useful if you have teenagers in the house, who are easily distracted by the Internet.
Adrian from Australia