cannot block the website for a few users on usg firewall

Created: May 14, 2019 19:21:19Latest reply: May 15, 2019 08:50:59 334 11 0 0
  Rewarded Hi-coins: 0 (problem resolved)

to blcok some websites, we created security policy with deny action to do that, but after the security policy being applied, the access to those website can be established. what’s more strange is that only a few users can access to those sites, while others cannot, it seems that this security policy is taking effect, but not for everyone.

  • x
  • convention:

Featured Answers
Admin Created May 14, 2019 19:24:51 Helpful(0) Helpful(0)

Posted by user_3357111 at 2019-05-14 19:24you are right, these guys are using VPN to access the website, how do I block VPNs?
You can enable the security policy based on application. Please refer to this link: http://support.huawei.com/hedex/ ... olicies&lang=en.
  • x
  • convention:

All Answers
chenhui Admin Created May 14, 2019 19:21:52 Helpful(0) Helpful(0)

@user_3357111 hi,
please make sure the security policy blocks all the IP to access the websites, and this blocking security policy is applied before other security policies which may allow the traffic to the blocked websites. otherwise, the traffic which should be blocked may be allowed by other policies.
  • x
  • convention:

kois Created May 14, 2019 19:22:38 Helpful(0) Helpful(0)

Posted by chenhui at 2019-05-14 19:21 @user_3357111 hi,please make sure the security policy blocks all the IP to access the websites, and ...
hi,
I checked the security policy configuration, the blocking policy will be applying before the default permit policy, all the policies on the firewall are configured with action deny, and no special IPs exist, so the situation you talked wouldn’t happed.
#
security-policy
default action permit
rule name deny
source-zone local
source-zone trust
destination-address xx mask xx description blocking website
action deny
……
#
  • x
  • convention:

chenhui Admin Created May 14, 2019 19:22:55 Helpful(0) Helpful(0)

Posted by user_3357111 at 2019-05-14 19:22 hi,I checked the security policy configuration, the blocking policy will be applying before the de ...
well, from your configuration, there should not be any problem, please check the IP address of the users who can access the blocking websites, if their IP addresses are in the truast zone. and I think you should check if there are other IP address which can reaching the blocking websites.
  • x
  • convention:

kois Created May 14, 2019 19:23:19 Helpful(0) Helpful(0)

Posted by chenhui at 2019-05-14 19:22 well, from your configuration, there should not be any problem, please check the IP address of the ...
I checked, only one IP address, any further suggestions?
  • x
  • convention:

chenhui Admin Created May 14, 2019 19:23:31 Helpful(0) Helpful(0)

Posted by user_3357111 at 2019-05-14 19:23 I checked, only one IP address, any further suggestions?
emm… how about checking the terminal users, if they are using third-party software, such as VPN, this kind of software may hide the original IP address, and lead the security policy out of work.
  • x
  • convention:

kois Created May 14, 2019 19:24:09 Helpful(0) Helpful(0)

Posted by chenhui at 2019-05-14 19:23 emm… how about checking the terminal users, if they are using third-party software, such as VPN, ...
OK, I'll check it.
  • x
  • convention:

kois Created May 14, 2019 19:24:38 Helpful(0) Helpful(0)

Posted by chenhui at 2019-05-14 19:23 emm… how about checking the terminal users, if they are using third-party software, such as VPN, ...
you are right, these guys are using VPN to access the website, how do I block VPNs?
  • x
  • convention:

chenhui Admin Created May 14, 2019 19:24:51 Helpful(0) Helpful(0)

Posted by user_3357111 at 2019-05-14 19:24you are right, these guys are using VPN to access the website, how do I block VPNs?
You can enable the security policy based on application. Please refer to this link: http://support.huawei.com/hedex/ ... olicies&lang=en.
  • x
  • convention:

kois Created May 14, 2019 19:25:39 Helpful(0) Helpful(0)

Posted by chenhui at 2019-05-14 19:24 you can enable the security policy based on application, please refer to http://support.huawei.com ...
OK, I'll check that, thanks for your supporting.
  • x
  • convention:

12
Back to list

Reply

Reply
You need to log in to reply to the post Login | Register

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."
If the attachment button is not available, update the Adobe Flash Player to the latest version!

Login and enjoy all the member benefits

Login
Fast reply Scroll to top