When the Firewall Is Deployed on the Intranet with a Policy That Permits Only Web Access, Users Cannot Access External Web Sites

Publication Date: 2012-07-25
Issue Description
The customer network is connected to the Internet through the USG2210. The requirement is that intranet users can only browse the Web on the Internet and cannot use other services. However, after the configuration is complete, intranet users cannot access external Web sites.
Alarm Information
None.
Handling Process
1. While a user tries to access an external Web site, check the session table. Only HTTP session entries are found.
2. Query the ACL rule used for interzone packet filtering. This ACL permits WWW access only.
       acl number 3005
       rule 10 permit tcp source 192.168.0.0 0.0.0.255 destination-port eq www
       rule 500 deny ip source 192.168.0.0 0.0.0.255
3. Modify the ACL rule to allow DNS access. External Web pages can then be accessed, and the customer's requirement is met.
       rule 15 permit tcp source 192.168.0.0 0.0.0.255 destination-port eq dns
       rule 16 permit udp source 192.168.0.0 0.0.0.255 destination-port eq dns
Root Cause
In the ACL rule for interzone packet filtering, only WWW traffic is permitted and there is no rule for DNS. As a result, the domain names of Web sites cannot be resolved.
Suggestions
DNS is easily overlooked when packet filtering is configured. When you permit a service, also consider the implicit traffic that the service depends on.
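
The check suggested above can be made mechanical. The following added example (not part of the original case) replays the flows a Web page load depends on against ACL 3005, assuming first-match evaluation in ascending rule-ID order; the client address, the flow list, and the UDP rule numbered 16 are assumptions made for the illustration.

```python
import ipaddress
import re

PORTS = {"www": 80, "dns": 53}  # port keywords used in the ACL on this page
RULE_RE = re.compile(r"rule (\d+) (permit|deny) (\w+) source (\S+) (\S+)"
                     r"(?: destination-port eq (\S+))?")

def parse_acl(text):
    """Parse 'rule ...' lines into dicts, sorted by rule ID (assumed match order)."""
    rules = []
    for rid, action, proto, addr, wildcard, port in RULE_RE.findall(text):
        rules.append({
            "id": int(rid), "action": action, "proto": proto,
            # ipaddress accepts a wildcard (host) mask: 0.0.0.255 -> /24
            "net": ipaddress.ip_network(f"{addr}/{wildcard}"),
            "port": None if not port else PORTS.get(port) or int(port),
        })
    return sorted(rules, key=lambda r: r["id"])

def evaluate(rules, src, proto, dport):
    """Return (action, rule_id) of the first matching rule, else ('no-match', None)."""
    for r in rules:
        if (r["proto"] in ("ip", proto)
                and ipaddress.ip_address(src) in r["net"]
                and r["port"] in (None, dport)):
            return r["action"], r["id"]
    return "no-match", None

# ACL 3005 as shown on the page; the DNS rules are kept as separate strings.
ORIGINAL = """acl number 3005
 rule 10 permit tcp source 192.168.0.0 0.0.0.255 destination-port eq www
 rule 500 deny ip source 192.168.0.0 0.0.0.255
"""
DNS_TCP = " rule 15 permit tcp source 192.168.0.0 0.0.0.255 destination-port eq dns\n"
# Assumption for this example: a UDP counterpart of rule 15, numbered 16.
DNS_UDP = " rule 16 permit udp source 192.168.0.0 0.0.0.255 destination-port eq dns\n"

# Constructed flows: what a client needs in order to load one Web page by name.
FLOWS = [("dns-udp", "udp", 53), ("dns-tcp", "tcp", 53), ("http", "tcp", 80)]

def blocked(acl_text, src="192.168.0.10"):  # src is a constructed intranet host
    """List the dependency flows that the ACL does not permit for this client."""
    rules = parse_acl(acl_text)
    return [name for name, proto, port in FLOWS
            if evaluate(rules, src, proto, port)[0] != "permit"]

if __name__ == "__main__":
    for label, acl in [("original", ORIGINAL), ("+ tcp dns", ORIGINAL + DNS_TCP),
                       ("+ tcp and udp dns", ORIGINAL + DNS_TCP + DNS_UDP)]:
        print(f"{label:18} blocked: {blocked(acl) or 'none'}")
```

With only the TCP rule in place, ordinary DNS queries over UDP port 53 still fall through to rule 500, which is why the flow list checks both transports.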
