Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Jason_Smith3
Participant

IoT / Printers limiting Internet access

So I have devices that need internet but only to specific sites.  Problem is those sites are on cloud servers and arent using a specific IP range.  

Example - Xerox printer need to get to xerox for updates but no where else on the internet.  Xerox is running it's servers on AWS and do not have a specific IP or IP range..

So how would you go about blocking ALL internet traffic except certain "named" websites.  Could I block all traffic to the internet in FW rules but then still allow access by group in App Control Blade?  I haven't been able to get that to work right.

Interested in others thoughts!

3 Replies
Kaspars_Zibarts
Employee Employee
Employee

Use domain objects. The best thing that happened with R80.10    as long as you don't require wildcard. Else dynamic objects can be option

Domain Objects in R80.10 and above 

Dor_Marcovitch
Advisor

If you can identify the printers ip/network ranges/access roles than you are good wuth the source.

Regarding the destination check what kind of traffuc they are initiating.

It will probably be http/https traffic than just build an application and url filtering policy for those specific urls or domains.

Daniel_Kavan
Advisor

So, I can see how the firewall would be able to stop inbound/outbound INTERNET traffic for the IOT device, but what about internal traffic?  Are some companies putting IOT devices in a DMZ or adding an internal firewall or does adding the IOT agent on the IOT device inspect the SSH traffic to the IOT device?

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events