Can I restrict a single computer to a single website?

bwoolley Posts: 10 Freshman Member

I need to block access to all websites except for one specific site, but this restriction is only needed on one computer. Can a Web Content Filter profile be applied to just one client?

All Replies

  • PeterUK
    PeterUK Posts: 4,464 Guru Member
    edited April 22

    Currently there is no "allow list only" option for the On site reputation filter
    https://community.zyxel.com/en/discussion/31412/on-site-reputation-filter-allow-list-only
    or a way to do Web Content Filter allow list only, from what I can tell, as it is meant to be a block filter on content that then allows exceptions.

    Something I have been doing, which you can do if you give this one client a fixed IP or a DHCP IP/MAC binding, is WILDCARD FQDN. Depending on the firewall model you're using, you can currently do something like *grc.com, or grc.com and *.grc.com, and make a group list of these WILDCARD FQDNs. You can then make a policy control rule to block from LAN to WAN with the source IP of the client, then a from LAN to WAN source IP allow rule for DNS, NTP and anything else, then a from LAN to WAN source IP allow rule for HTTPS and the destination WILDCARD FQDN group.

    Now when the client does DNS in the clear (not encrypted), the USG will see the DNS and add the IPs to the WILDCARD FQDN to then allow under the rule.

    Note that some sites have 3rd-party links, and if you don't allow them the browsing can be slow.

  • Zyxel_Judy
    Zyxel_Judy Posts: 2,394 Zyxel Employee

    Hi @bwoolley,

    As requested, the following example demonstrates how to restrict a single computer to access only one specific website, while allowing all other computers on the network to browse freely.

    Scenario:

    • LAN 1, Subnet 192.168.1.0/24 can access all websites
    • 192.168.1.100 (Client A) is restricted to www.zyxel.com only

    Solution:

    Go to Configuration > Security Policy > Policy Control and add the following rules in the exact order listed:

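    | Rule   | From | To  | Source                      | Destination   | Action |
    |--------|------|-----|-----------------------------|---------------|--------|
    | Rule 1 | LAN1 | WAN | 192.168.1.100               | www.zyxel.com | Allow  |
    | Rule 2 | LAN1 | WAN | 192.168.1.1-192.168.1.99    | Any           | Allow  |
    | Rule 3 | LAN1 | WAN | 192.168.1.101-192.168.1.254 | Any           | Allow  |
    | Rule 4 | LAN1 | WAN | 192.168.1.0/24              | Any           | Deny   |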

    Before configuring the rules, go to Configuration > Object > Address/GeoIP > Address to create the address objects required for the rules above.

    Note: Ensure that Client A (192.168.1.100) is assigned a static IP address so that the policy is applied consistently.

    Zyxel_Judy
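
Added example, not part of the thread and not Zyxel code: a small first-match simulation of the four rules in the table above, which can be used to check that an ordering or address-range change still leaves only 192.168.1.100 restricted. It assumes rules are evaluated top-down with the first match winning, that unmatched traffic is dropped, and that the www.zyxel.com object matches the IPs the firewall has resolved for it; `FQDN_IPS`, `evaluate`, `audit` and the sample addresses are constructed for illustration.

```python
import ipaddress

# Constructed stand-in for the IPs the firewall has resolved for the
# www.zyxel.com address object (documentation range, not the real address).
FQDN_IPS = {"www.zyxel.com": {"203.0.113.10"}}

def ip(s):
    return int(ipaddress.ip_address(s))

def src_range(first, last):
    lo, hi = ip(first), ip(last)
    return lambda s: lo <= ip(s) <= hi

def src_subnet(cidr):
    net = ipaddress.ip_network(cidr)
    return lambda s: ipaddress.ip_address(s) in net

def dst_fqdn(name):
    return lambda d: d in FQDN_IPS[name]

ANY = lambda d: True

# The four LAN1 -> WAN rules from the table, in the listed order.
RULES = [
    ("Rule 1", src_range("192.168.1.100", "192.168.1.100"), dst_fqdn("www.zyxel.com"), "allow"),
    ("Rule 2", src_range("192.168.1.1", "192.168.1.99"), ANY, "allow"),
    ("Rule 3", src_range("192.168.1.101", "192.168.1.254"), ANY, "allow"),
    ("Rule 4", src_subnet("192.168.1.0/24"), ANY, "deny"),
]

def evaluate(src, dst, rules=RULES):
    """Return (rule name, action) of the first rule matching src and dst."""
    for name, match_src, match_dst, action in rules:
        if match_src(src) and match_dst(dst):
            return name, action
    return "default", "deny"  # assumption: nothing matched means drop

def audit(rules=RULES, restricted="192.168.1.100", other_dst="198.51.100.7"):
    """List every LAN host whose verdicts differ from the stated scenario."""
    allowed_dst = next(iter(FQDN_IPS["www.zyxel.com"]))
    problems = []
    for host in ipaddress.ip_network("192.168.1.0/24").hosts():
        h = str(host)
        site = evaluate(h, allowed_dst, rules)[1]
        other = evaluate(h, other_dst, rules)[1]
        expected_other = "deny" if h == restricted else "allow"
        if site != "allow" or other != expected_other:
            problems.append(h)
    return problems
```

`audit()` returns an empty list for the rule set as posted; passing a reordered or edited rule list shows which hosts would end up over-blocked or under-restricted.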