Allow port 8443 for certain computers

I'm trying to go to a website on port 8443, but it's blocked by our firewall. Looking at the traffic monitor, it looks like it's being blocked by 'Cleanup Rule' because that says to block any external. HTTPS-outbound is allowing 443 traffic.

My question is, how can I add port 8443 also to the HTTPS-outbound rule? Or do I need to create a new HTTPS-outbound rule and add 8443?

I only want 2 computers to access this port in the company. How do I allow access to port 8443 for 2 computers with their IP? These computers are on DHCP, so what happens if they get a new DHCP IP?

Please see pic.png


Comments

  • edited September 2022

    Add a Custom Packet Filter for TCP port 8443 From: the IP addrs of the 2 computers To: Any-external

  • I selected Custom, and I'm not sure what to do from there. Is there a link with instructions from WatchGuard?

    I also clicked 'Packet Filter', and when I select HTTPS, and 'Add Policy', it says port 443. I don't see a way to add 2 IP addresses either.

  • Ok I figured it out, I guess I had to do it from the Systems Manager, and not from the GUI. So good news, it works.

    The 2 computers I want to add are on DHCP, so how does that work? What if their IP addresses change?

  • edited September 2022

    Please see the attached image. As you can see, I only have one IP address on the FROM, but I checked with my colleague, and he's able to open that website also on port 8443.

    Only I should be able to open it.

  • Ok, so the reason why my colleague can access the website is because he has a custom firewall for his computer.

    Now my only question is, what happens if the computers get new IP addresses because of DHCP?

  • What you are going to want to do is either make the PC static or make an IP reservation for the system on your DHCP Server.

    From there, it is in general (I think) easier to make an alias to contain your IP address for the system(s). I will also in general make separate TCP-UDP for staff, managers (as in they can get to Indeed and Job Search sites), and other criteria....

    You can add ranges, subnets or individual IPs to the alias... makes life far easier.

  • OK, that's what I thought, but I was checking to see if it also works with DHCP.

    Is there a way to set the firewall rule for a user? Based on their Active Directory account, so whichever computer they log in to, it applies the rule for that person.

  • Yes, using SSO - WG AD authentication
