Question Access to all websites in a firewall domain

Status
Not open for further replies.

majjji

Junior Member
Nov 9, 2019
Dear Experts,

I am a beginner and have recently started learning networking and also working in a networking domain. My domain consists of a Core>Distribution>Access architecture. We also have one firewall, which is also acting as a router for the uplink to the ISP network. At this firewall, many websites like Youtube.com and Facebook.com have been blocked. I have read that employees can get access to all these social websites if one private IP is allocated to them by the network admin. I want to understand how this setting works. Where will the network admin add this IP (i.e. in the distribution switch, core switch or firewall), and will this be a static route addition to the network? Also, how will the traffic move to and from this IP when all other network IPs have 0 access to these websites? Please let me understand this setting as I am really confused and I want to learn about it.
 

SamirD

Golden Member
Jun 12, 2019
This is a really generic answer because a specific answer depends on all the hardware and software involved.

Generally, you don't mess with any network level stuff like routes when dealing with what is essentially part of the UTM part of a firewall/router. Now each of these devices is completely different, but there basically is a place where an IP can get 'whitelisted' for full access.
 

majjji

Junior Member
Nov 9, 2019
> This is a really generic answer because a specific answer depends on all the hardware and software involved.
>
> Generally, you don't mess with any network level stuff like routes when dealing with what is essentially part of the UTM part of a firewall/router. Now each of these devices is completely different, but there basically is a place where an IP can get 'whitelisted' for full access.

Yes I know that these devices are sensitive and should be handled with much care. But you mean to say that the place where an IP gets whitelisted is on the firewall?
 

SamirD

Golden Member
Jun 12, 2019
> Yes I know that these devices are sensitive and should be handled with much care. But you mean to say that the place where an IP gets whitelisted is on the firewall?

It sounds like you're trying to hack around something that doesn't allow you to visit those sites. If your admin has done their job, everything that would allow you to do that is blocked and the admin who controls the router/firewall will be the only one to change that.
 

majjji

Junior Member
Nov 9, 2019
Well my question was all about the issue that I have raised. Don't try to judge

> It sounds like you're trying to hack around something that doesn't allow you to visit those sites. If your admin has done their job, everything that would allow you to do that is blocked and the admin who controls the router/firewall will be the only one to change that.

Don't judge people by starting with "It sounds like...." My question has a very straightforward query. If you're not good at answering the question, please leave the space for someone else to answer it more logically and positively. Thanks for your response.
 

mxnerd

Diamond Member
Jul 6, 2007
If you are working in a network group in your company, then your company should train you about networking.

Your company, by blocking employees' access to social sites, apparently doesn't want its employees to spend time on sites that will reduce employees' efficiency.

The privilege to access certain sites is definitely only for certain people inside your company. Trying to access all websites using the company's equipment will violate your company's policy and get you into trouble.

There are too many ways, too many devices/firewalls, and too many software packages to achieve the IP/domain blocking functionality. No one can tell you exactly how it's done.

Or you can start with a software-based firewall (pfSense, IPFire, IPCop, Sophos, etc., all free) on x86 machines at home, if you want, if your company doesn't want to train you.

Watch some firewall tutorials on YouTube; there are plenty of them.

==

If you are into Cisco stuff, there are some emulators too.

 

SamirD

Golden Member
Jun 12, 2019
> Well my question was all about the issue that I have raised. Don't try to judge
>
> Don't judge people by starting with "It sounds like...." My question has a very straightforward query. If you're not good at answering the question, please leave the space for someone else to answer it more logically and positively. Thanks for your response.

No need to get huffy. Like I said, if the admin did their job, there's not going to be a way to circumvent the protections besides getting whitelisted.
 

Eric Fazekas

Member
Jun 27, 2017
> Dear Experts,
>
> I am a beginner and have recently started learning networking and also working in a networking domain. My domain consists of a Core>Distribution>Access architecture. We also have one firewall, which is also acting as a router for the uplink to the ISP network. At this firewall, many websites like Youtube.com and Facebook.com have been blocked. I have read that employees can get access to all these social websites if one private IP is allocated to them by the network admin. I want to understand how this setting works. Where will the network admin add this IP (i.e. in the distribution switch, core switch or firewall), and will this be a static route addition to the network? Also, how will the traffic move to and from this IP when all other network IPs have 0 access to these websites? Please let me understand this setting as I am really confused and I want to learn about it.

If your domain is using a firewall to block websites instead of a proxy server (they shouldn't) then they're blocking traffic from internal traffic to the categories they select in the firewall settings. I think when you say "private IP" you mean a "static IP" as opposed to one provided by DHCP. Then your network / firewall team would add that static IP (same provided to your workstation all the time) into an exemption group that would go around the firewall's rules.

I think in your head, it's harder than it actually is... but you have to have access to the firewall GUI, and based on how you're asking the question, I hope you don't.
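
How an exemption group like the one described in the post above sits in front of a category block, as an added example that is not part of the thread or any vendor's configuration: a first-match policy model plus an admin-side audit that exempted addresses lie outside the DHCP pool. All addresses, group names, rule names and site categories below are constructed assumptions.

```python
import ipaddress

# Constructed sample data: every address, name and category is illustrative.
EXEMPT_GROUP = {ipaddress.ip_address("10.20.30.15")}   # static workstation IPs
DHCP_POOL = ipaddress.ip_network("10.20.30.128/25")    # dynamically leased range
SITE_CATEGORY = {"youtube.com": "streaming",
                 "facebook.com": "social",
                 "example.org": "business"}

# The policy is evaluated top to bottom and the first matching rule decides.
# The exemption is a filtering decision on the firewall; no route is added
# on the core, distribution or access switches.
RULES = [
    {"name": "exempt-group", "src": "exempt", "categories": None,
     "action": "allow"},
    {"name": "block-social", "src": "any",
     "categories": {"social", "streaming"}, "action": "deny"},
    {"name": "default-web", "src": "any", "categories": None,
     "action": "allow"},
]


def evaluate(src_ip, host, rules=RULES, exempt=EXEMPT_GROUP):
    """Return (action, rule name) for a web request from src_ip to host."""
    src = ipaddress.ip_address(src_ip)
    category = SITE_CATEGORY.get(host, "uncategorized")
    for rule in rules:
        src_ok = rule["src"] == "any" or (rule["src"] == "exempt"
                                          and src in exempt)
        cat_ok = rule["categories"] is None or category in rule["categories"]
        if src_ok and cat_ok:
            return rule["action"], rule["name"]
    return "deny", "implicit-deny"


def audit_exemptions(exempt=EXEMPT_GROUP, pool=DHCP_POOL):
    """List exempted addresses that fall inside the DHCP pool.

    An exemption tied to a leased address follows whichever host holds the
    lease next, which is why the exempted IP should be static or reserved.
    """
    return sorted(str(ip) for ip in exempt if ip in pool)


if __name__ == "__main__":
    for ip in ("10.20.30.15", "10.20.30.40"):
        print(ip, "youtube.com", evaluate(ip, "youtube.com"))
    print("exempt entries inside DHCP pool:", audit_exemptions())
```
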
 