Solved

How to read the rules on a sonic wall firewall

Posted on 2007-11-20
Last Modified: 2008-03-19
Can you provide a generic screen shot of a SonicWall firewall access rules.

How do I know that my network is protected based on the rules?

Thanks
Question by:mutec1
15 Comments
 
LVL 15

Expert Comment

by:getzjd
ID: 20322259
If you look at the WAN --> lan section.  This is where you allow/deny traffic inbound.

http://www.4shared.com/file/29885406/83d0f4ac/sonicwall1.html (click on the picture for a full view)

This is a basic setup. I only allow VPN traffic and management of the firewall. Management of the SonicWall externally is restricted to only my home IP address.

No other ports should be opened.

0
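The question asks how to know the network is actually protected by the rules. The check a practitioner runs is to scan the firewall's public address from outside and compare what answers with what the rules are meant to expose. The script below is added here as an example; it is not code from the thread or from SonicWall. It parses nmap's grepable (-oG) output and flags anything open beyond the expected exposure. The expected-exposure sets (IPsec VPN on UDP 500/4500 open to everyone, HTTPS management only from the home address, as in the comment above), the address 203.0.113.10 and the scan text are constructed assumptions.

```python
"""Audit an external port scan of the firewall's WAN address against the
exposure the access rules are supposed to allow.

Added example; not code from the thread or from SonicWall. The expected
exposure below is an assumption matching the description above. The scan
text is a constructed sample in nmap's grepable (-oG) format; a real run
from a host that is NOT the management address would look like:
    nmap -Pn -sS -sU -p T:1-65535,U:500,4500 -oG scan.gnmap <wan-ip>
"""
import re

# Constructed sample of nmap -oG output (not a real scan).
SAMPLE_GNMAP = """\
# Nmap scan initiated as: nmap -Pn -sS -sU -oG - 203.0.113.10  (constructed sample)
Host: 203.0.113.10 ()\tStatus: Up
Host: 203.0.113.10 ()\tPorts: 500/open/udp//isakmp///, 4500/open/udp//nat-t-ike///, 443/open/tcp//https///, 3389/open/tcp//ms-wbt-server///\tIgnored State: filtered (65533)
# Nmap done -- 1 IP address (1 host up) scanned
"""

# Services the rules intentionally expose to any Internet host (assumption).
EXPECTED_PUBLIC = {("udp", 500), ("udp", 4500)}
# Services that may be open only to the management source address; seeing
# them from any other address means the source restriction is missing.
MANAGEMENT_ONLY = {("tcp", 443)}

PORT_RE = re.compile(r"(\d+)/(open\|filtered|open|closed|filtered)/(tcp|udp)")


def parse_gnmap(text):
    """Return {host: {(proto, port): state}} from nmap grepable output."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue  # comment lines and Status-only lines carry no ports
        host = line.split()[1]
        ports_field = line.split("Ports:", 1)[1].split("\t")[0]
        for port, state, proto in PORT_RE.findall(ports_field):
            hosts.setdefault(host, {})[(proto, int(port))] = state
    return hosts


def audit(hosts, scanned_from_management_ip=False):
    """Return a sorted list of (host, proto, port, reason) findings.

    Anything open that is neither expected-public nor management-only is a
    finding; a management-only port is a finding unless the scan was run
    from the permitted management address; an expected VPN port that is
    not open is reported too, since a rule that blocks it is also a bug.
    """
    findings = []
    for host, ports in hosts.items():
        for (proto, port), state in ports.items():
            if state != "open":
                continue
            if (proto, port) in EXPECTED_PUBLIC:
                continue
            if (proto, port) in MANAGEMENT_ONLY:
                if not scanned_from_management_ip:
                    findings.append((host, proto, port,
                                     "management port reachable from a non-management address"))
                continue
            findings.append((host, proto, port, "unexpected open port"))
        for proto, port in EXPECTED_PUBLIC:
            if ports.get((proto, port)) != "open":
                findings.append((host, proto, port, "expected VPN port not reachable"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(parse_gnmap(SAMPLE_GNMAP)):
        print("%s %s/%d: %s" % finding)
```

Run it against the constructed sample and it reports two findings: HTTPS answering a non-management address (the source restriction is not in effect) and an unexpected RDP port. Run the real scan from the home address with `scanned_from_management_ip=True` and only genuinely unexpected ports remain.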
 
LVL 13

Expert Comment

by:cshepfam
ID: 20322261
http://i215.photobucket.com/albums/cc82/ThaMessiah_2007/sw-createaccessrule.jpg
0
 
LVL 13

Expert Comment

by:cshepfam
ID: 20322264
0
 
LVL 13

Expert Comment

by:cshepfam
ID: 20322270
Disregard those last two.
http://i215.photobucket.com/albums/cc82/ThaMessiah_2007/sw-createaccessrule.jpg

0
 
LVL 15

Expert Comment

by:getzjd
ID: 20322273
Keep in mind you may notice differences between the SonicWall Standard and Enhanced OS.
0
 
LVL 13

Expert Comment

by:cshepfam
ID: 20322276

http://i215.photobucket.com/albums/cc82/ThaMessiah_2007/sw-createaccessrule.jpg

0
 
LVL 13

Expert Comment

by:cshepfam
ID: 20322282
How about I just give you a direct link... lol. I was trying to paste the picture on here.

http://i215.photobucket.com/albums/cc82/ThaMessiah_2007/sw-createaccessrule.jpg
0
 
LVL 13

Expert Comment

by:cshepfam
ID: 20322291
It's simple, just choose Allow or Deny.

Pick the service you want to allow (such as SMTP, port 25) or deny (such as ICMP).

The rest is self-explanatory.
0
 

Author Comment

by:mutec1
ID: 20322438
What do these mean?

Priority  Source  Destination  Service  Action  Options  Enable  Configure
10        OPT     WAN          ANY      Allow            X
11        WAN     OPT          ANY      Deny             X

What does OPT mean?
What does WAN mean?
0
 
LVL 15

Expert Comment

by:getzjd
ID: 20322463
OPT is the OPT port on the back of the firewall. This is an optional port which is not active on some models.

WAN is the wide area networking port on the back of the firewall, or put simply, the Internet.

These rules state:
10. Any traffic/any service originating on the OPT port may be sent to the WAN port.
11. Any traffic/any service originating from the WAN (Internet) will NOT be sent to the OPT port.
0
 
LVL 15

Expert Comment

by:getzjd
ID: 20322474
The OPT port is usually used in SonicWall Enhanced OS for things like load balancing between dual network (Internet) connections, etc.
0
 
LVL 13

Accepted Solution

by: cshepfam (earned 2000 total points)
ID: 20322528
Okay, here's what you need to know:


1. LAN - Local Area Network. These are the computers on YOUR physical network. They are connected through Ethernet.

2. WAN - Wide Area Network. This is computers with wireless access and computers accessing your network from external sources such as someone's home.

3. OPT - Already explained.

In setting up rules you have Allow and Deny. You want to Deny external (WAN) computers from accessing your network using ICMP. In this scenario, you are DENYing ICMP. The source is ANY, the destination is ANY or *. That means nobody from the outside will be able to ping anything on your network.

That's just a scenario. Just think of it like that.

Now let's say you have an external server such as a web server or mail server. On the SonicWall firewall you would have to create a one-to-one NAT. That will allow outside sources to hit your server.

We'll get into that when you need it; let's just focus on the task ahead.
0
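To make the allow/deny mechanics concrete, here is a small first-match rule evaluator, added as an example; it is not code from the thread or from SonicWall. It models what the two answers above describe: rules are grouped by source/destination zone pair (the OPT -> WAN and WAN -> OPT rows from the question, plus a WAN -> LAN set for "HTTPS only from the home address, no ping from outside, deny everything else"), walked in priority order, the first match decides, and traffic that matches nothing is denied. It also adds a shadowed-rule check, which is the first thing to run on a long rule list before trusting it. The zone names, services, addresses and the rule set are constructed assumptions, and SonicOS details such as address objects, schedules and the firewall's own management interface are ignored.

```python
"""Toy first-match evaluator for zone-based access rules like the ones
discussed in this thread.

Added example; not code from the thread or from SonicWall. Rules are
grouped by (source zone, destination zone), walked in priority order,
first match wins, and unmatched traffic is denied. All zones, services,
addresses and the rule set itself are constructed assumptions.
"""
from __future__ import annotations
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY = "ANY"


@dataclass(frozen=True)
class Rule:
    priority: int          # lower number is evaluated first
    src_zone: str          # e.g. "LAN", "WAN", "OPT"
    dst_zone: str
    service: str           # "ICMP", "TCP/443", ... or ANY
    action: str            # "Allow" or "Deny"
    src_addr: str = ANY    # CIDR or ANY
    dst_addr: str = ANY
    enabled: bool = True


@dataclass(frozen=True)
class Packet:
    src_zone: str
    dst_zone: str
    service: str
    src_ip: str
    dst_ip: str


def _addr_matches(rule_addr: str, ip: str) -> bool:
    return rule_addr == ANY or ip_address(ip) in ip_network(rule_addr, strict=False)


def _service_matches(rule_service: str, service: str) -> bool:
    return rule_service == ANY or rule_service.upper() == service.upper()


def evaluate(rules: list[Rule], pkt: Packet) -> tuple[str, Rule | None]:
    """Return (action, matching_rule); ("Deny", None) if nothing matches."""
    candidates = (r for r in rules if r.enabled
                  and (r.src_zone, r.dst_zone) == (pkt.src_zone, pkt.dst_zone))
    for r in sorted(candidates, key=lambda r: r.priority):
        if (_service_matches(r.service, pkt.service)
                and _addr_matches(r.src_addr, pkt.src_ip)
                and _addr_matches(r.dst_addr, pkt.dst_ip)):
            return r.action, r
    return "Deny", None


def _covers(rule_field: str, other_field: str) -> bool:
    return rule_field == ANY or rule_field == other_field


def find_shadowed(rules: list[Rule]) -> list[tuple[Rule, Rule]]:
    """Return (shadowed, shadowing) pairs: enabled rules that can never
    match because an earlier enabled rule on the same zone pair already
    covers their service, source and destination."""
    pairs = []
    for r in rules:
        if not r.enabled:
            continue
        for earlier in rules:
            if (earlier is r or not earlier.enabled
                    or (earlier.src_zone, earlier.dst_zone) != (r.src_zone, r.dst_zone)
                    or earlier.priority >= r.priority):
                continue
            if (_covers(earlier.service, r.service)
                    and _covers(earlier.src_addr, r.src_addr)
                    and _covers(earlier.dst_addr, r.dst_addr)):
                pairs.append((r, earlier))
                break
    return pairs


# Constructed rule set (assumption). Rules 10 and 11 are the two rows from
# the question; the WAN -> LAN rules model "HTTPS only from the home
# address 198.51.100.7, no ping from outside, deny everything else".
RULES = [
    Rule(10, "OPT", "WAN", ANY, "Allow"),
    Rule(11, "WAN", "OPT", ANY, "Deny"),
    Rule(1, "WAN", "LAN", "TCP/443", "Allow", src_addr="198.51.100.7/32"),
    Rule(2, "WAN", "LAN", "ICMP", "Deny"),
    Rule(99, "WAN", "LAN", ANY, "Deny"),
    Rule(1, "LAN", "WAN", ANY, "Allow"),
]


def decide(src_zone, dst_zone, service, src_ip, dst_ip, rules=RULES) -> str:
    return evaluate(rules, Packet(src_zone, dst_zone, service, src_ip, dst_ip))[0]


if __name__ == "__main__":
    for args in [("OPT", "WAN", "TCP/80", "10.2.0.5", "203.0.113.9"),
                 ("WAN", "OPT", "TCP/80", "203.0.113.9", "10.2.0.5"),
                 ("WAN", "LAN", "ICMP", "203.0.113.9", "10.0.0.5"),
                 ("WAN", "LAN", "TCP/443", "198.51.100.7", "10.0.0.5"),
                 ("WAN", "LAN", "TCP/443", "203.0.113.9", "10.0.0.5")]:
        print(args, "->", decide(*args))
    extra = RULES + [Rule(100, "WAN", "LAN", "TCP/25", "Allow")]
    for shadowed, by in find_shadowed(extra):
        print("rule %d can never match: shadowed by rule %d" % (shadowed.priority, by.priority))
```

The last loop shows the common mistake: an SMTP allow added below a catch-all deny on the same zone pair is dead, and the mail server silently stays unreachable. Running the shadow check after every rule change, and probing from outside as in the earlier example, is how you answer "is my network protected based on the rules" rather than guessing from the table.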
 
 
LVL 15

Expert Comment

by:getzjd
ID: 20322559
Why do a one-to-one NAT? Simply do port forwarding for services such as port 80 for web and port 25 for SMTP mail traffic.

WAN - Wide Area Network. These computers are anything outside of your local area network: the Internet, etc.
0
 

Author Comment

by:mutec1
ID: 20842108
What does "Untrust Intra-zone policy" mean?

For example:
Source  Destination  Service  Action
any     any          any      green check mark

What is RDP?
0
