block websites

sinmi
sinmi Posts: 5
I would like to block websites, I have version usg310. Some help please

Best Answers

  • PeterUK
    PeterUK Posts: 3,461  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary
    Answer ✓

    You can use FQDN and add to a group for the policy control as long as you use UDP port 53 DNS and not a browser with DNS over HTTPS.

    Object > addresss/Gep IP



    security policy > policy control


    run cmd

    ipconfig /flushdns

    You can also use the UTM profile content filter


  • PeterUK
    PeterUK Posts: 3,461  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary
    Answer ✓
    I think you can only have a restricted message posted if using the UTM profile content filter

All Replies

  • PeterUK
    PeterUK Posts: 3,461  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary
    Answer ✓

    You can use FQDN and add to a group for the policy control as long as you use UDP port 53 DNS and not a browser with DNS over HTTPS.

    Object > addresss/Gep IP



    security policy > policy control


    run cmd

    ipconfig /flushdns

    You can also use the UTM profile content filter


  • sinmi
    sinmi Posts: 5
    Thanks for your prompt response, I did it but it still does not work, my question now is the following, how can I specifically add an IP address to this rule. Sorry for the inconvenience but I am just starting on this topic, and I need guidance, I have reviewed some videos but they are not the same version that I have and the options some are different. Any help is appreciated from now on. What I really want is to add certain computers with IP by department and restrict websites to them.

  • PeterUK
    PeterUK Posts: 3,461  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary
    edited July 2021

    So it didn't work because your from and to could be different? Or your using DNS over HTTPS?

    To block by IP is much the same Object > addresss/Gep IP the add address type host IP like 104.16.249.249 name 104_16_249_249 make a group and add it to the group then security policy > policy control from like LAN1 to OPT with destination you group and deny.


  • sinmi
    sinmi Posts: 5
    edited July 2021
    Thank you very much, this answer helped me to block pages through IP, another query maybe you can help me, when the user enters the blocked page. Can a Restricted message be posted by the technical department? or something like that. Thanks PeterUK


  • PeterUK
    PeterUK Posts: 3,461  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary
    Answer ✓
    I think you can only have a restricted message posted if using the UTM profile content filter

Security Highlight