
Domain Access Control Using SonicWALL UTM

Date post: 07-Apr-2018
Upload: ehabnile-elshantoury

8/6/2019 Domain Access Control Using SonicWALL UTM

http://slidepdf.com/reader/full/domain-access-control-using-sonicwall-utm 1/8

UTM/Firewall/VPN

Domain (FQDN) Access Control Using SonicWALL UTM

Introduction

This technote describes how to set up user access to domain names (fully qualified domain names) through a firewall policy (preferred) or a content management policy with SonicOS Enhanced. This article is intended as a supplement. For complete information on configuring firewall and content management policy, please refer to the SonicOS admin guide.

Even though the firewall rule method is more difficult to configure than the content management method, it provides several advantages, including granular control of users, IP protocol, TCP port, bandwidth shaping, more informative logging, and simplified management.

Reference:

Single sign on feature module

SonicOS enhanced admin guide

Recommended Versions

SonicOS Enhanced 3.5.0.0 or newer 

Caution: If using the firewall rule method, no block page explaining why the user cannot access the site will be displayed. Use of forbidden domains within Content Filter Service (CFS), as described in option two, does not allow privileged users to gain access to blocked domains.


Procedure

Option One: Access Control Through Firewall Policy and the FQDN Address Object

For complete information on configuring firewall access rules refer to the SonicOS enhanced admin guide part 5: Firewall.

In this example I will use a sample configuration that blocks everyone but the Active Directory users group “demo group” from accessing “mydomain.com”.

Step 1: Creating an Address Object

1a: Direct your web browser to Network > Address Objects > Add

1b: In the add address object pop up box:

1c: Enter a friendly name

1d: Select “Zone Assignment:” WAN 

1e: Enter the Fully Qualified Domain Name: (for example: Mydomain.com)

1f: Click Add 

Note: Wildcards are supported.

Repeat as necessary for all domain names you intend to control.


Step 2: Creating an Address Object Group

2a: Direct your web browser to Network > Address Objects > Add Group 

In the add address object group pop up box:

2b: Enter a friendly name

2c: Select the appropriate address objects (shift or control+click to select multiple)

2d: Click OK 


Step 3: Creating a Deny Firewall Rule

3a: Direct your browser to Firewall > Access Rules

3b: Check “View Style: Drop-down Boxes”

3c: Choose “From Zone:” LAN and “To Zone:” WAN 

3d: Click “OK”

3e: Click “ADD” 


3f: Choose “Service: Create a new service group” in the “Add Firewall Rule” pop-up

3h: Enter a friendly name for the service group in the “Create New Address Object Group” pop-up

3i: Select HTTP and HTTPS 

3j: Click OK

3k: Select the “Action: Deny” in the “Add Firewall Rule” pop-up 

3l: Select “Source: Any” 

3m: Select “Destination: Blocked Domains” 

3n: Click ADD 

Note: This will prevent all users from accessing the domains Mydomain.com and Myotherdomain.com. The next step shows how to allow a list of privileged users.


Step 4 (optional): Creating an Allow Rule for Specific Users

4a: Direct your web browser to Firewall > Access Rules 

4b: Check “View Style: Drop-down Boxes”

4c: Choose “From Zone:” LAN and “To Zone:” WAN 

4d: Click “OK”

4e: Click “ADD” 

4f: Select the “Action: Allow” in the “Add Firewall Rule” pop-up (this is default) 

4h: Select “Source: Any” 

4i: Select “Destination: Blocked Domains” 

4j: Select “Users Allowed: your user or user group” 

4k: Click ADD 

Note: User management, including Single Sign On with Active Directory, is covered in the Enhanced Firmware Admin guide and the Single Sign on Feature Module.


Option Two: Access Control Through the Forbidden Domains Option Within the Content Management Security Service

Note: A license for content management is recommended but not required for use of this feature.

Step 1: Configuring CFS Forbidden Domains

1a: Direct your web browser to Security Services > Content Filter

1b: Select SonicWALL CFS from the drop-down (default)

1c: Click Configure

1d: Select the “Custom List” tab

1e: Click the “Add” button from below the “Forbidden Domains” box


1f: Enter the domain name you wish to block in the “Add a Forbidden Domain Entry” pop up box

1g: Click “OK”

Note: CFS will block any child domain below the parent specified. For example, www.mydomain.com will be blocked if mydomain.com is specified.

Checking Your Configuration

Log out of the SonicWALL and direct your web browser to any blocked domain. If you have chosen the CFS Forbidden Domains option, a block page should be displayed:

Note: It is important that you log out of the management interface before testing. The test can also be performed from another computer.
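The same check can be scripted from a client behind the firewall. The following is an added example, not part of the original technote or of SonicOS: it probes a blocked domain over the two services the rule covers (HTTP and HTTPS) and compares the result with what each option should produce, no reply for the firewall rule method and a block page for CFS Forbidden Domains. The marker string, function names and outcome labels are assumptions made for the example.

```python
import http.client
import urllib.error
import urllib.request

# Assumption: text that appears in your appliance's CFS block page. The
# technote does not quote the page, so replace this placeholder yourself.
BLOCK_PAGE_MARKER = "REPLACE-WITH-TEXT-FROM-YOUR-BLOCK-PAGE"

# What each option should look like from a non-privileged client.
EXPECTED = {"firewall": "no-response",   # deny rule: no block page is shown
            "cfs": "block-page"}         # Forbidden Domains: block page shown


def probe(url, timeout=5):
    """Fetch url once. Returns (status, body), or (None, reason) if no reply."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read(65536).decode("utf-8", "replace")
    except urllib.error.HTTPError as err:          # a reply arrived, non-2xx
        return err.code, err.read(65536).decode("utf-8", "replace")
    except (urllib.error.URLError, http.client.HTTPException, OSError) as err:
        return None, str(err)                      # dropped, reset or timed out


def classify(status, body, marker=BLOCK_PAGE_MARKER):
    """Map one probe result to no-response / block-page / reachable."""
    if status is None:
        return "no-response"
    return "block-page" if marker in body else "reachable"


def check(domain, method, fetch=probe, marker=BLOCK_PAGE_MARKER):
    """Probe the HTTP and HTTPS services the rule covers; list (url, outcome, ok)."""
    results = []
    for scheme in ("http", "https"):
        url = f"{scheme}://{domain}/"
        outcome = classify(*fetch(url), marker=marker)
        results.append((url, outcome, outcome == EXPECTED[method]))
    return results


if __name__ == "__main__":
    # "mydomain.com" is the technote's sample name; substitute your own domain.
    for url, outcome, ok in check("mydomain.com", "firewall"):
        print(f"{'OK  ' if ok else 'FAIL'} {url}: {outcome}")
```

A "no-response" result also occurs when the site itself is down or does not resolve, so run the same check as a member of the allowed user group to confirm the domain is otherwise reachable.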

