Determining Active Sessions

Good day!

Purpose: To be able to filter inbound and outbound access

Situation/Problem: I believe we are able to see active sessions in Peplink, but do we have a way to know or log the websites and ports being visited by the clients? We only have a couple of production sites, but the problem is they are unable to provide me with their IPs and ports, so I will just have to figure it out myself, or at least with your help.

Note:

VoIP provider: Amazon connect through Kustomer
Office productivity sites: Gsuite apps and Office 365
Company Website: I already have the info

I understand some of these websites are using dynamic IP addresses or a range of IP addresses, but I am hoping to have at least 80% of the sites we are visiting configured in our inbound firewall rule.

I am having a hard time understanding your question. Matching website name to IP address is not as straightforward as you would think. Reverse DNS lookups are all but useless most of the time. You might want to look at the DNS logging options – you could potentially see what website names people are trying to get to, but it would be cumbersome.

The part that is most confusing is that you are asking for external IP addresses so that you can create inbound firewall rules. Most websites don’t initiate a connection to your LAN, your LAN clients are initiating the connection. So when a client requests google.com, that is outbound traffic; the returning traffic is automatically allowed since it was initiated from your LAN. That is how stateful firewalls work, so there isn’t a need to ALLOW google to connect back to your LAN.

You would use an inbound firewall rule if you want devices on the internet to establish connections to devices on your LAN. For example, you have a web server on your LAN that listens for requests on port 80 and you want people from the internet to be able to get to it – you would ALLOW port 80 from ANY source to the LAN IP address of your web server. If you are doing many-to-1 NAT, you would most likely need a port forwarder set up too.

If your goal is to block clients on the LAN from visiting any website that you don’t approve of, you would actually create OUTBOUND firewall rules to allow/deny the traffic. Is that what you are after?

1 Like
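To make the stateful-firewall point above concrete, here is an added example (not from the thread, and not Peplink's own logic): a toy firewall with a default-deny inbound list, an outbound list, and a connection table, showing that reply traffic to a client-initiated session passes on state alone while an unsolicited inbound connection only passes where an explicit inbound ALLOW (the port 80 web-server case) exists. All addresses, ports and rules are constructed sample values.

```python
# Added example (not from the thread): a minimal stateful firewall model of
# jmjones's point. Outbound rules decide what LAN clients may start; reply
# traffic is allowed by connection state, so no inbound ALLOW is needed for it.
# Unsolicited inbound traffic hits the inbound list (default deny). Sample values.
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    direction: str  # "out" = LAN -> WAN, "in" = WAN -> LAN

@dataclass
class Firewall:
    # rules: (dst_ip or "any", dport or 0 for any, "allow"/"deny"), first match wins
    outbound: list = field(default_factory=list)
    inbound: list = field(default_factory=list)
    conntrack: set = field(default_factory=set)  # flows already allowed

    def _match(self, rules, pkt):
        for dst, port, action in rules:
            if dst in ("any", pkt.dst) and port in (0, pkt.dport):
                return action
        return "deny"  # default deny when nothing matches

    def handle(self, pkt):
        # Reply traffic of an already-allowed flow passes on state alone
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.conntrack:
            return "allow"
        rules = self.outbound if pkt.direction == "out" else self.inbound
        action = self._match(rules, pkt)
        if action == "allow":
            self.conntrack.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return action

def demo():
    fw = Firewall(outbound=[("any", 443, "allow"), ("any", 0, "deny")],
                  inbound=[("192.168.1.10", 80, "allow")])  # published web server
    client, site, outsider, server = "192.168.1.50", "203.0.113.7", "198.51.100.9", "192.168.1.10"
    return {
        "client_out": fw.handle(Packet(client, 51000, site, 443, "out")),        # allow
        "reply_in": fw.handle(Packet(site, 443, client, 51000, "in")),           # allow by state
        "unsolicited_in": fw.handle(Packet(outsider, 40000, client, 22, "in")),  # deny (default)
        "webserver_in": fw.handle(Packet(outsider, 40001, server, 80, "in")),    # allow by inbound rule
        "client_blocked": fw.handle(Packet(client, 51001, site, 8080, "out")),   # deny by outbound rule
    }
```

The `unsolicited_in` case is why a default-deny inbound policy needs no per-website entries: nothing a LAN client fetches from G Suite or Office 365 ever matches the inbound list, and blocking unapproved sites is purely an outbound-rule question.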

Hi jmjones, thanks for your input. As for the purpose, yes, partly I am trying to block some of the websites but not everything; plus I am asking or mentioning the inbound firewall rule so I can set a default rule to block all incoming connections and just allow whatever we use on the production floor. If I only use the outbound firewall rule, that would not be the case, right? Sorry if it confused you, but this may be a combination of outbound and inbound firewall rules I need to set, but we really need to deny any inbound traffic that should not be coming into our network.

You will need a dedicated firewall device such as Untangle, which we use, or one of many other options. To simply log web browsing traffic, I think you can do that with the free version of Untangle.

1 Like

That would be my other option, but in the meantime I'm looking to have this implemented in Peplink. We also have a Unifi USG and switches. We are continuing to use Peplink as some of the features in the USG are easier to implement in the Peplink GUI. Thank you.

1 Like