• Status: Solved
  • Priority: Medium
  • Security: Public

How to read the rules on a SonicWall firewall

Can you provide a generic screenshot of SonicWall firewall access rules?

How do I know that my network is protected based on the rules?

Thanks
0
mutec1
1 Solution
 
getzjdCommented:
Look at the WAN --> LAN section. This is where you allow/deny traffic inbound.

http://www.4shared.com/file/29885406/83d0f4ac/sonicwall1.html   Click on the picture for a full view

This is a basic setup. I only allow VPN traffic and management of the firewall. External management of the SonicWall is restricted to only my home IP address.

No other ports should be opened.

0
 
cshepfamCommented:
<a href="http://photobucket.com" target="_blank"><img src="http://i215.photobucket.com/albums/cc82/ThaMessiah_2007/sw-createaccessrule.jpg" border="0" alt="Photo Sharing and Video Hosting at Photobucket"></a>
0
 
cshepfamCommented:
Disregard those last two.
<a href="http://photobucket.com" target="_blank"><img src="http://i215.photobucket.com/albums/cc82/ThaMessiah_2007/sw-createaccessrule.jpg" border="0" alt="Photo Sharing and Video Hosting at Photobucket"></a>

0
 
getzjdCommented:
Keep in mind you may notice differences between the SonicWall Standard and Enhanced OS.
0
 
cshepfamCommented:

[IMG]http://i215.photobucket.com/albums/cc82/ThaMessiah_2007/sw-createaccessrule.jpg[/IMG]

0
 
cshepfamCommented:
How about I just give you a direct link... lol. I was trying to paste the picture on here.

http://i215.photobucket.com/albums/cc82/ThaMessiah_2007/sw-createaccessrule.jpg
0
 
cshepfamCommented:
It's simple, just choose allow or deny.

Pick the service you want to allow (such as SMTP port 25) or deny (such as ICMP).

The rest is self-explanatory.
0
 
mutec1Author Commented:
What does

Priority Source Destination Service Action Options Enable Configure
10        OPT       WAN       ANY      Allow                  X
11        WAN       OPT       ANY      Deny                   X

What does OPT mean?
What does WAN mean?
0
 
getzjdCommented:
OPT is the OPT port on the back of the firewall.  This is an optional port which is not active on some models.

WAN is the wide area networking port on the back of the firewall or, put simply, the Internet.

These rules state:
10. Any traffic/any service originating on the OPT port may be sent to the WAN port.
11. Any traffic/any service originating from the WAN (Internet) will NOT be sent to the OPT port.
0
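An added example, not part of any post in this thread and not SonicWall code: a small Python script that reads a rule listing in the column order mutec1 posted, restates each rule the way it is read in the answer above, and flags Allow rules whose source is WAN. Rules 12 and 13 in the sample and the assumption that WAN is the only untrusted zone are constructed for illustration.

```python
from dataclasses import dataclass

UNTRUSTED = {"WAN"}  # assumption: WAN is the only untrusted zone

@dataclass
class Rule:
    priority: int
    source: str
    destination: str
    service: str
    action: str

def parse_rules(text):
    """Parse 'Priority Source Destination Service Action ...' rows."""
    rules = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5 or not parts[0].isdigit():
            continue  # header, blank or malformed line
        prio, src, dst, svc, act = parts[:5]
        rules.append(Rule(int(prio), src.upper(), dst.upper(),
                          svc.upper(), act.capitalize()))
    return sorted(rules, key=lambda r: r.priority)

def describe(rule):
    """Restate a rule as a sentence, as done for rules 10 and 11 above."""
    verb = "may be sent to" if rule.action == "Allow" else "will NOT be sent to"
    return (f"{rule.priority}. {rule.service} traffic originating on "
            f"{rule.source} {verb} {rule.destination}")

def audit(rules):
    """Flag Allow rules that let traffic in from an untrusted zone."""
    findings = []
    for r in rules:
        if r.source in UNTRUSTED and r.action == "Allow":
            level = "HIGH" if r.service == "ANY" else "REVIEW"
            findings.append((level, r.priority, describe(r)))
    return findings

# Rows 10 and 11 are from the thread; rows 12 and 13 are constructed.
SAMPLE = """Priority Source Destination Service Action Options Enable Configure
10 OPT WAN ANY Allow X
11 wan OPT ANY Deny X
12 WAN LAN SMTP Allow X
13 WAN LAN ANY Allow X"""

if __name__ == "__main__":
    for level, prio, text in audit(parse_rules(SAMPLE)):
        print(f"[{level}] {text}")
```
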
 
getzjdCommented:
The OPT port is usually used in SonicWall Enhanced OS for things like load balancing between dual network (Internet) connections, etc.
0
 
cshepfamCommented:
Okay, here's what you need to know:


1. LAN - Local Area Network.  This is computers on YOUR physical network.  They are connected through Ethernet.  

2. WAN - Wide Area Network.  This is computers with a wireless access and computers accessing your network from external sources such as someone's home.

3. OPT - Already explained.


In setting up rules you have Allow and Deny.  You want to Deny external (WAN) computers from accessing your network using ICMP.  In this scenario, you are DENYing ICMP.  The source is ANY, the destination is ANY or *.  That means nobody from the outside will be able to ping anything on your network.


That's just a scenario. Just think of it like that.


Now let's say you have an external server such as a web server or mail server. On the SonicWall firewall you would have to create a one-to-one NAT. That will allow outside sources to hit your server.

We'll get into that when you need it; let's just focus on the task ahead.
0
 
getzjdCommented:
Why do a one-to-one NAT? Simply do port forwarding for services such as port 80 for web and port 25 for SMTP mail traffic.

WAN - Wide Area Network. These computers are anything outside of your local area network: the Internet, etc.
0
 
mutec1Author Commented:
What does Untrust Intra-zone policy mean?

For example:
Source   Destination   Service   Action
any      any           any       green check mark


What is RDP?
0
Question has a verified solution.
