How to build HTTP and HTTPS polices to use Webblocker and deny access based on Source IP Network/address or IP range
This is a quick published article that doesn’t include much detail but will give you very helpful hints.
WatchGuard uses Proxy settings to achieve such resolution. WatchGuard can act as a proxy to intercept HTTP/HTTPS requests in order to allow or deny access to sites based on source or destination networks or ports according to Policies built on it
When you choose to create a new policy in WatchGuard, you can choose it to be a packet filter (normal non-proxy rule), or a proxy policy. Now, create an HTTP-Proxy rule that includes that source network you want to apply the web-blocker to. Build another HTTPS-Proxy rule and apply it to that network, the same way. Then you can build two HTTP and HTTP (non-proxy rules, i.e packet filter) above them to allow other networks to bypass proxy policies that web blocker depends on. In the source network address of the non-proxy rules list only the networks that the proxy won’t apply to.
Now, instead of using a Web browser to access and manage the WatchGuard XTM/UTM admin portal, download and install WatchGuard System Manager… It’s much easier to work with and build the rules/policies what you want to.
After that, login in using the WatchGaurd System Manager, and from Tools menu click on Policy Manager to launch it. From Policy Manager click on Subscription Services, then WebBlocker and activate it.
Leave a Reply
Want to join the discussion?Feel free to contribute!