[NEBULA] Can NSG100 block user access to certain website?

JINHANG Posts: 10  ZCNE Certified
edited April 2021 in Nebula
Can the NSG100 block user access to certain websites, e.g. Facebook?

Comments

  • Nebula_Bayardo
    Nebula_Bayardo Posts: 179  Zyxel Employee
    Hi JINHANG!
    Yes, you can block the access for defined IP addresses. Similar to the other thread, once you have identified the IP address or network that you want to block, you can create an application profile for the Facebook category with action Drop/Reject and create the outbound rule with the specific source IP address. In case you have more outbound rules, be sure to place this outbound rule on top of others that allow traffic from any source.
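The rule-ordering advice in the reply above, as an added example that is not part of the original post and not Zyxel's code. It assumes outbound rules are evaluated top-down with the first match winning; the `Rule` model, rule names and addresses are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    name: str
    source: str        # CIDR; "0.0.0.0/0" means any source
    application: str   # application-profile category, or "any"
    action: str        # "allow" or "drop"


def first_match(rules, src_ip, application):
    """Return the first rule (top-down) that matches the flow, or None."""
    for rule in rules:
        src_ok = ip_address(src_ip) in ip_network(rule.source)
        app_ok = rule.application in ("any", application)
        if src_ok and app_ok:
            return rule
    return None


def shadowed(rules):
    """List (later, earlier) rule names where an earlier rule with a different
    action matches every flow the later rule matches, so the later one never fires."""
    found = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            covers_src = ip_network(later.source).subnet_of(ip_network(earlier.source))
            covers_app = earlier.application in ("any", later.application)
            if covers_src and covers_app and earlier.action != later.action:
                found.append((later.name, earlier.name))
                break
    return found


# Constructed sample policy: the drop rule sits below an allow-any rule.
WRONG_ORDER = [
    Rule("allow-lan-any", "0.0.0.0/0", "any", "allow"),
    Rule("block-facebook-host", "192.168.1.50/32", "facebook", "drop"),
]
# Same rules with the specific drop rule moved to the top.
RIGHT_ORDER = list(reversed(WRONG_ORDER))

if __name__ == "__main__":
    for label, policy in (("wrong order", WRONG_ORDER), ("right order", RIGHT_ORDER)):
        hit = first_match(policy, "192.168.1.50", "facebook")
        print(label, "->", hit.name, hit.action, "| shadowed:", shadowed(policy))
```

Running `shadowed()` over an exported rule list before pushing it is a quick way to catch a block rule that an earlier allow-any rule has made dead.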
  • newtype
    newtype Posts: 29  Freshman Member
    Can I block the website by domain name? Because nowadays a website can end up with many IP addresses.
  • Nebula_Bayardo
    Nebula_Bayardo Posts: 179  Zyxel Employee
    @newtype
    For security reasons, blocking using domain name is not available. If someone could change your DNS it would suddenly open gaping holes in your firewall to stuff you didn't want accessible, and since a lot of people don't treat DNS servers as a very 'securable' system, it is a low-hanging fruit.

    To address the many IP addresses issue in a more secure way, the NSG uses application patrol, which also simplifies settings by updating signatures every day.
  • newtype
    newtype Posts: 29  Freshman Member
    @Nebula_Bayardo
    I don't quite get what you're saying about security reasons.
    In your USG today, you have a walled garden, so it's just turning that around to become a blacklist. Then you can be more friendly to achieve "block user to certain website". Please consider it ~
  • Nebula_Bayardo
    Nebula_Bayardo Posts: 179  Zyxel Employee
    Hi @newtype, the walled garden limits access to the listed websites prior to an authentication process (captive portal), but does not block access by user as specified by JINHANG. It would work when you want to limit the access for certain users connected to a specific interface, but once the users have logged in, the walled garden doesn't take effect anymore.

    BTW, here's a sneak peek :smiley: , our NSG100 will be able to configure walled garden in Phase II launching in May this year!
  • Nebula_Bayardo
    Nebula_Bayardo Posts: 179  Zyxel Employee
    Hey @newtype, I've read your comment again and got your point! Yes, it sounds like a good idea to reverse the walled garden function to become a "black list".
    Would you mind re-posting this fantastic suggestion to the "Ideas" category, where other users can support you by giving your post a Like :+1: ? I can do it for you if you agree!
  • newtype
    newtype Posts: 29  Freshman Member
    Sounds cool! Please go ahead ~
  • Nebula_Bayardo
    Nebula_Bayardo Posts: 179  Zyxel Employee
    @newtype I have posted your idea, go and give it a Like! :smiley:
    Thanks for your support to make Nebula even better!
