Solved

How to read the rules on a SonicWall firewall

Posted on 2007-11-20
Last Modified: 2008-03-19
Can you provide a generic screenshot of SonicWall firewall access rules?

How do I know that my network is protected based on the rules?

Thanks
Question by:mutec1
15 Comments
 
LVL 15

Expert Comment

by:getzjd
ID: 20322259
If you look at the WAN --> LAN section, this is where you allow/deny inbound traffic.

http://www.4shared.com/file/29885406/83d0f4ac/sonicwall1.html   Click on the picture for a full view

This is a basic setup. I only allow VPN traffic and management of the firewall. External management of the SonicWall is restricted to only my home IP address.

No other ports should be opened.

0
 
LVL 13

Expert Comment

by:cshepfam
ID: 20322261
http://i215.photobucket.com/albums/cc82/ThaMessiah_2007/sw-createaccessrule.jpg
0
 
LVL 13

Expert Comment

by:cshepfam
ID: 20322264
0

 
LVL 13

Expert Comment

by:cshepfam
ID: 20322270
disregard those last two
http://i215.photobucket.com/albums/cc82/ThaMessiah_2007/sw-createaccessrule.jpg

0
 
LVL 15

Expert Comment

by:getzjd
ID: 20322273
Keep in mind you may notice differences between the SonicWall Standard and Enhanced OS.
0
 
LVL 13

Expert Comment

by:cshepfam
ID: 20322276

http://i215.photobucket.com/albums/cc82/ThaMessiah_2007/sw-createaccessrule.jpg

0
 
LVL 13

Expert Comment

by:cshepfam
ID: 20322282
how bout i just give u a direct link..lol.  I was tryin to paste the picture on here

http://i215.photobucket.com/albums/cc82/ThaMessiah_2007/sw-createaccessrule.jpg
0
 
LVL 13

Expert Comment

by:cshepfam
ID: 20322291
It's simple, just choose allow or deny.

Pick the service you want to allow (such as SMTP port 25) or deny (such as ICMP).

The rest is self-explanatory.
0
 

Author Comment

by:mutec1
ID: 20322438
What does

Priority  Source  Destination  Service  Action  Options  Enable  Configure
10        OPT     WAN          ANY      Allow            X
11        WAN     OPT          ANY      Deny             X

What does OPT mean?
What does WAN mean?
0
 
LVL 15

Expert Comment

by:getzjd
ID: 20322463
OPT is the OPT port on the back of the firewall. This is an optional port which is not active on some models.

WAN is the wide area networking port on the back of the firewall or, put simply, the Internet.

These rules state:
10. Any traffic/any service originating on the OPT port may be sent to the WAN port.
11. Any traffic/any service originating from the WAN (Internet) will NOT be sent to the OPT port.
0
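
The reading of rules 10 and 11 given above, as an added example that is not part of the original thread or any SonicWall tooling: it parses rows in the column layout the asker quoted, evaluates a flow against them, and lists Allow rules that let the WAN reach an internal zone on ANY service. Assumptions: the lowest priority number is evaluated first, the first match wins, unmatched traffic is reported as denied, and all function names are hypothetical.

```python
from dataclasses import dataclass

# Constructed sample in the layout quoted in the thread; not exported from a device.
RULES_TEXT = """\
Priority Source Destination Service Action
10 OPT WAN ANY Allow
11 WAN OPT ANY Deny
"""

@dataclass(frozen=True)
class Rule:
    priority: int
    source: str
    destination: str
    service: str
    action: str

def parse_rules(text):
    """Parse whitespace-separated rule rows into Rule objects sorted by priority."""
    rules = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or not fields[0].isdigit():
            continue  # skip the header row and blank lines
        prio, src, dst, svc, action = fields[:5]
        rules.append(Rule(int(prio), src.upper(), dst.upper(),
                          svc.upper(), action.capitalize()))
    return sorted(rules, key=lambda r: r.priority)

def _matches(pattern, value):
    # ANY in a rule column matches every zone or service.
    return pattern == "ANY" or pattern == value.upper()

def evaluate(rules, source, destination, service):
    """Return the action of the first matching rule (assumed: lowest priority first)."""
    for rule in rules:
        if (_matches(rule.source, source)
                and _matches(rule.destination, destination)
                and _matches(rule.service, service)):
            return rule.action
    return "Deny (no rule)"  # assumed default for this sketch

def risky_inbound(rules):
    """List Allow rules that let the WAN reach an internal zone on ANY service."""
    return [r for r in rules
            if r.action == "Allow" and r.source == "WAN"
            and r.destination != "WAN" and r.service == "ANY"]
```

An empty `risky_inbound` result only means no blanket WAN-to-internal Allow exists; narrower inbound Allow rules still need to be reviewed one by one.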
 
LVL 15

Expert Comment

by:getzjd
ID: 20322474
The OPT port is usually used in SonicWall Enhanced OS for things like load balancing between dual network (Internet) connections, etc.
0
 
LVL 13

Accepted Solution

by:
cshepfam earned 500 total points
ID: 20322528
Okay, here's what you need to know:


1. LAN - Local Area Network.  This is computers on YOUR physical network.  They are connected through Ethernet.  

2. WAN - Wide Area Network.  This is computers with a wireless access and computers accessing your network from external sources such as someone's home.

3. OPT - Already explained.


In setting up rules you have Allow and Deny.  You want to Deny external (WAN) computers from accessing your network using ICMP.  In this scenario, you are DENYing ICMP.  The source is ANY, the destination is ANY or *.  That means nobody from the outside will be able to ping anything on your network.


That's just a scenario. Just think of it like that.

Now let's say you have an external server such as a web server or mail server; on the SonicWall firewall you would have to create a One to One NAT. That will allow outside sources to hit your server.

We'll get into that when you need it; let's just focus on the task ahead.
0
 
LVL 13

Expert Comment

by:cshepfam
ID: 20322545
0
 
LVL 15

Expert Comment

by:getzjd
ID: 20322559
Why do a one to one NAT? Simply do port forwarding for services such as port 80 for web and port 25 for SMTP mail traffic.

WAN - Wide Area Network. These computers are anything outside of your local area network: the Internet, etc.
0
 

Author Comment

by:mutec1
ID: 20842108
What does Untrust Intra-zone policy mean?

For example:
Source  Destination  Service  Action
any     any          any      green check mark


What is RDP?
0


Question has a verified solution.
