How do I block all traffic, but allow access to one specific website?

For our deployment we want all WAN traffic blocked, but a specific website should remain accessible. What we are doing now is using traffic rules, but they only work based on IP, and this is not ideal. The IP of the website will (hopefully) not change in the future, but it is not a robust solution. Is it somehow possible to block all WAN traffic, but still allow traffic to that website based on a DNS name?

We could use a webfilter to whitelist that site, but I don't think this will block all WAN traffic excluding that website. Any suggestions are welcome!

Hello,

Web Filter has a specific mode called “Allowlist” which enables access to the domains you have specified, while blocking everything else on a domain level.

Of course, if you initiate connections by making requests to particular IP addresses, the traffic will not be blocked.

But if HTTP(S) traffic is all you need, you can supplement Web Filter with additional firewall traffic rules dropping connections from LAN network to WAN to particular applications that use well-known ports (FTP-21, Telnet-23, SSH-22, etc.).

Best regards,

Hi,
Ah alright, aah yes, that is of course also an option. I will investigate this further, thanks for the suggestion! :+1: