When the Firewall Is Deployed on the Intranet, the Policy Permits Only Web Access, but Users Cannot Access External Web Sites

Publication Date: 2012-07-25
Issue Description
The customer network is connected to the Internet through the USG2210. The requirement is that intranet users can access only the Internet (Web browsing), and no other services. However, after the configuration is complete, intranet users cannot access external Web sites.
Alarm Information
Handling Process
1. While a user is trying to access an external Web site, check the session table. Only HTTP access entries are found.
2. Check the ACL used for interzone packet filtering. This ACL permits WWW access only.
    acl number 3005
    rule 10 permit tcp source destination-port eq www
    rule 500 deny ip source
3. Modify the ACL to also permit DNS access. External Web pages can then be accessed and the customer's requirement is met.
    rule 15 permit tcp source destination-port eq dns
Root Cause
The ACL for interzone packet filtering permits only WWW and contains no rule for DNS. As a result, the domain names of Web sites cannot be resolved, so the pages cannot be opened.
DNS is easily overlooked when packet filtering is configured. When writing such rules, consider the hidden access that the permitted service depends on.
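
The rule set above, modelled as a first-match evaluator in Python to list which of the flows needed for browsing the ACL denies (an added example, not part of the original case or of the device configuration). Source addresses are left out as on the page; rule 16, the flow names and the deny-on-no-match fallback are assumptions. Ordinary name lookups use UDP port 53 while rule 15 as printed matches TCP, so both protocols are checked.

```python
# Added illustration: a first-match model of the page's ACL 3005.
# Source addresses are elided on the page, so rules match on protocol and
# destination port only. Rule 16 is a hypothetical addition (assumption).
PORTS = {"www": 80, "dns": 53}

ACL_BEFORE = [(10, "permit", "tcp", "www"), (500, "deny", "ip", None)]
ACL_PAGE_FIX = ACL_BEFORE + [(15, "permit", "tcp", "dns")]
ACL_WITH_UDP = ACL_PAGE_FIX + [(16, "permit", "udp", "dns")]

# Constructed sample flows: what one page load needs from the firewall.
BROWSING_FLOWS = [
    ("dns-query-udp", "udp", 53),   # ordinary name lookup
    ("dns-retry-tcp", "tcp", 53),   # retry when a UDP answer is truncated
    ("http-get", "tcp", 80),        # the page itself
]


def evaluate(acl, proto, dport):
    """Return (action, rule_id) of the first matching rule, lowest id first."""
    for rule_id, action, r_proto, r_port in sorted(acl):
        if r_proto not in ("ip", proto):
            continue
        if r_port is not None and PORTS[r_port] != dport:
            continue
        return action, rule_id
    return "deny", None  # nothing matched: treated as denied in this model


def blocked_dependencies(acl, flows=BROWSING_FLOWS):
    """Required flows the ACL denies, each with the rule that denied it."""
    hits = []
    for name, proto, dport in flows:
        action, rule_id = evaluate(acl, proto, dport)
        if action == "deny":
            hits.append((name, rule_id))
    return hits


if __name__ == "__main__":
    for label, acl in [("before", ACL_BEFORE), ("page fix", ACL_PAGE_FIX),
                       ("with udp rule", ACL_WITH_UDP)]:
        print(label, blocked_dependencies(acl))
```

A flow that shows up here as denied by rule 500 is the same gap step 1 reveals in the session table: the HTTP entry exists only if the lookup before it was allowed through.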