Hello Geeks, please help. I have a Barracuda NG Firewall 200 and I want to block access to a website, this one: http://www.oogle.com, because LAN users by mistake type http://www.oogle.com, not www.gogle.com. I checked and found the IP of this site and entered a firewall rule to block trusted to the IP of http://www.oogle.com. When I type the website URL http://www.oogle.com it can access with no problem; when I do it by IP it isn't working. How can I block the URL locally from the NG firewall? (I don't have web flex.) Please help.
Posted 22 December 2014 - 02:11 PM
You have some possibilities to achieve a block of www.oogle.com.
The easiest one will be to create a DNS Object for "www.oogle.com"
Open your Ruleset -> Firewall Objects -> Networks -> Right Click -> New
Choose Hostname (DNS Resolved) as Type and enter "www.oogle.com" as Name. Hit OK.
The NG should constantly resolve www.oogle.com and its current IP address.
Now you can use this object as a destination in a firewall rule. This one must be above the rule where you allow your outgoing web traffic.
Posted 22 December 2014 - 04:18 PM
Still didn't work. Thank you Michael for your advice:
I did like that I went to Firewall objects ->under Static I right click then NEW Type I put Hostname DNS Resolved then on name I put http://www.oogle.com DNS lifetime (sec) I left 600
then under Include entries I added the IP 18.104.22.168 which is http://www.oogle.com
then I went to access Rule
created a new rule I used Block then at source I put our Trusted network : Service I put all : Destination I press drop down arrow I selected
the object http://www.oogle.com under it appear 22.214.171.124 then I put the rule on top this is the first rule from top to bottom send changes then activated
Went to my local computer, typed IP 126.96.36.199 (it went to block)
if I put on web browser http://www.oogle.com it went to (it didn't block anything)
When I looked on history I see that it use the rule trusted to world 0.0.0.0 which is under block rule I created above.
then I used denied rule is the same thing.
It looks like it can't see the rule.
Any other ideas. I hope I was explicit.
Posted 29 December 2014 - 03:11 AM
If the wrong rule is matching, any of the conditions source IP, service or destination IP is not matching. What IP addresses do you see in the history? Does the correct rule match if you use the "Rule Tester" inside the Forwarding Firewall Ruleset?
Posted 07 January 2015 - 08:46 AM
Are you sure your PC is part of the trusted Network range?
Posted 21 January 2015 - 11:27 AM
First thing - when using "Hostname" type network objects, you do not need to include any IP addresses manually. That's the whole point of using DNS in firewall ruleset, right?
Second - to make this type of network object work, your NG must be able to resolve domain names (if your PC can resolve address, even using NG as a DNS server, it does not mean your NG can). This can be verified in Firewall > Dynamic > Dynamic Rules (bottom part, you should see www.oogle.com and its IP address).
BTW, alternative way to block a website is to use a Custom Application in Application ruleset (in this case you can block only http/https traffic)
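The rule-matching behaviour discussed in the posts above (a hostname object whose address list differs from the address the client actually connects to, and a source outside the trusted range), modelled as an added example that is not part of the original posts and is not Barracuda code. Rule names, networks and addresses are constructed, and the model assumes first-match, top-to-bottom evaluation as the thread describes.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    name: str
    action: str                    # "block" or "pass"
    source: str                    # source network in CIDR form
    dest_ips: Optional[frozenset]  # None means any destination (0.0.0.0/0)

def first_match(rules, src_ip, dst_ip):
    """Walk the ruleset top to bottom; return the first rule where every condition matches."""
    for rule in rules:
        src_ok = ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.source)
        dst_ok = rule.dest_ips is None or dst_ip in rule.dest_ips
        if src_ok and dst_ok:
            return rule
    return None

def build_ruleset(object_ips):
    """Block rule on top using the hostname object's addresses, generic pass rule below."""
    return [
        Rule("BLOCK-SITE", "block", "10.0.0.0/24", frozenset(object_ips)),
        Rule("TRUSTED-2-WORLD", "pass", "10.0.0.0/24", None),
    ]

def missing_from_object(client_answers, object_ips):
    """Addresses the client resolved that the firewall's object does not contain."""
    return sorted(set(client_answers) - set(object_ips))

if __name__ == "__main__":
    # Constructed data: the object holds one hand-entered address,
    # while the client's own DNS lookup returns two.
    object_ips = {"192.0.2.10"}
    client_answers = ["192.0.2.10", "198.51.100.20"]
    rules = build_ruleset(object_ips)
    for src, dst in [("10.0.0.15", "192.0.2.10"),     # typed by IP: blocked
                     ("10.0.0.15", "198.51.100.20"),  # browser picked the other address
                     ("10.0.1.15", "192.0.2.10")]:    # PC outside the trusted range
        hit = first_match(rules, src, dst)
        print(src, "->", dst, ":", f"{hit.action} by {hit.name}" if hit else "no rule matched")
    print("not covered by object:", missing_from_object(client_answers, object_ips))
```

Comparing the destination address shown in Firewall > History with the addresses listed for the object under Firewall > Dynamic > Dynamic Rules is the same check done on the real device.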
Posted 07 November 2016 - 07:20 AM
Ok...sorry to bring up an old thread but this is exactly what I am trying to do. And I am pulling my hair out because it really shouldn't be this difficult.
I have tried all the usual (add the IP / URL to a new Block rule etc) ways but it still let me access the website. All I want to do is be able to say 'Hey, NG-F201, block access to www.dailymail.co.uk at all times please. Thank you'
But it won't. Sometimes after I have added a rule it takes ages to load the page, but it still loads eventually. I have added an application rule:
Block Application:Any URL Filter Match:Any Content:Any User:Any Schedule:Any Action:Deny URL Filter:N/A Source:Any Destination:www.dailymail.co.uk
Now that should block all users access to that site at all times, yes? It doesn't.
I have worked in IT for years now and even though I am not a network expert, I am usually OK at figuring these things out...but not this firewall. The UI is one of the worst I have ever used if I'm honest, it's just not user-friendly in the least.
Posted 08 November 2016 - 02:56 AM
If you have a licensed URL Filter,
- Configure URL Filtering in the Firewall: https://campus.barra...gURLFiltering/
- Create a URL Filter Policy Object and as a custom URL enter dailymail.co.uk in the block section. https://campus.barra...RLPolicyObject/
- Create an access rule matching the HTTP traffic of your clients and enable Application Control and URL Filter
- Create an application rule matching the same HTTP traffic of your clients. Use Any as the application and in the Policies section select the URL filter object with the custom URL you just created.
- Clear your browser cache and try to access the site, you are redirected to a custom block page.
Go to the Firewall > Live and Firewall > History pages and filter your connection to check which access rule and application rule matches the traffic going to the site.
Alternative: You could also use DNS Interception, but using the URL Filter would definitely be the preferred method. If you decide to use DNS Interception, be sure to clear ALL DNS caches (internal DNS server / client / browser) when testing.
Posted 08 November 2016 - 05:45 AM
OK...I think I finally got it working - thank you.
I'm still playing about with adding further URLs to the same filter object, and I have to set the time object correctly, but I think we might be on the right track at last. I think my issues were based around the fact I was trying to just have a rule that simply said block access to www.website.com whereas I have to create custom filter objects with the right URL and add it into an application policy that is then applied to an access rule.
Posted 09 November 2016 - 11:47 AM
Instead of blocking individual URLs it is much better to use the Webfilter which is included in the Energize Update.
E.g. www.oogle.com is classified as pornography by Barracuda: http://barracudacentral.org/lookups/lookup-reputation
So if you use the Webfilter and block the category pornography then you don't just block www.oogle.com but all the other "unwanted" websites.
And you still can add single websites under custom URLs/Allow/Block list if needed.
Posted 10 November 2016 - 04:36 AM
I think I spoke too soon...
I have followed, I think, all the instructions from the various links.
I have an Access Rule in place (LAN-2-INTERNET) that governs our main web traffic. This has URL filtering enabled under Application Policy. The rest of the rule is:
Action: Pass Dynamic SNAT Service: ALL Source: Trusted LAN Networks Destination: Internet 0.0.0.0/0 AppControl: URL Filter Schedule:Always
I have then gone into Application Rules and added one like this:
Application: Any URL Filter: Any Content: Any User:Any Action:Pass URL Filter policy: 'worthless' Time Objects: Office hours Source:Trusted LAN Destination: Any 0.0.0.0/0 URL Filter matching: Any Protocol: Any Content:Any Dynamic:Yes
...yet it still doesn't work. The 'worthless' URL Filter object only contains a few URLs but this rule blocks none of them.
Please...what have I got wrong? Even if I change it to Always on, not Dynamic, it will still fail to do anything. I can open a browser and type in a URL that exactly matches one in the filter policy and it will just open right up, like the rule isn't even there.
Posted 10 November 2016 - 04:59 AM
A couple of things to check:
* Is the Energize Update subscription valid? (without it the URL filter is not licensed)
* Do not use "dynamic". Dynamic would mean that you can enable/disable the rule via SSL VPN / NG Admin without access to the ruleset. This is normally used for things like toggling temporary management access.
* Check that the time/timezone on the firewall is correct and that you have configured an NTP server to keep the time current. If the time is off, your schedule object may not work as you would expect it to.
I would recommend that you contact Barracuda technical support. They can look at your setup and assist you to get this working!
Posted 10 November 2016 - 05:27 AM
Energise update is valid until 2017, like the URL filter.
I used Dynamic because of this link, where it says to do so:
"Defines the time policy that will be assigned to the marked time intervals in the calendar below. SetAllow means, that the according firewall rule (with enabled Dynamic Rule checkbox) is activated for the defined time period."
...but I have set it to Always and it still doesn't work.
The timezone is OK and I have configured two NTP servers.
I'll keep playing and then contact support if I can't get it to work...
Posted 10 November 2016 - 05:39 AM
Sorry for the misleading information in the article. I corrected the campus article. Dynamic has nothing to do with time objects. Since 5.4. is no longer supported (i.e. not receiving security fixes) I would also highly recommend updating to one of the currently supported firmware versions (6.0 / 6.2 / 7.0).