Blocking the Access to Sina Microblogs
This section describes how to apply the application identification function on the FW to disable intranet users from accessing Sina microblogs.
Faced Problems
As shown in Figure 1, an enterprise deploys the FW as a gateway to connect the intranet to the Internet.
Intranet users access Sina microblogs, affecting the working efficiency and bringing about legal risks (browsing and dissemination of illegitimate information).
Solution
With the application identification function, the FW can identify the traffic sent by intranet users to access Sina microblogs. Set the application to Sina microblog and the action to deny in the security policy to disable intranet users from accessing Sina microblogs.
Click Add, select Add Security Policy. Set matching conditions for the security policy as required and set the action to deny.
When setting the application matching condition for the security policy, use keyword sina to rapidly locate and select the application.
Set security policy parameters as follows:
Name policy1 Source Zone trust Destination Zone untrust Source Address/Region 192.168.0.0/255.255.255.0 Application Sina_WeiBo Action Deny - Click OK.
Verification
Intranet users cannot access Sina microblogs.
Configuration Scripts
The configuration script related to the example is as follows:
# security-policy rule name policy1 source-zone trust destination-zone untrust source-address 192.168.0.0 mask 255.255.255.0 application app Sina_WeiBo action deny #