Solved

How to read the rules on a sonic wall firewall

Posted on 2007-11-20
Last Modified: 2008-03-19
Can you provide a generic screen shot of a SonicWall firewall access rules.

How do I know that my network is protected based on the rules?

Thanks
Question by: mutec1
 
LVL 15

Expert Comment

by:getzjd
If you look at the WAN --> LAN section. This is where you allow/deny traffic inbound.

http://www.4shared.com/file/29885406/83d0f4ac/sonicwall1.html   Click on the picture for a full view

This is a basic setup. I only allow VPN traffic and management of the firewall. The management of the SonicWall externally is restricted to only my home IP address.

No other ports should be opened.

 
LVL 13

Expert Comment

by:cshepfam
(attached screenshot) http://i215.photobucket.com/albums/cc82/ThaMessiah_2007/sw-createaccessrule.jpg
 
LVL 13

Expert Comment

by:cshepfam
 
LVL 13

Expert Comment

by:cshepfam
disregard those last two
(attached screenshot) http://i215.photobucket.com/albums/cc82/ThaMessiah_2007/sw-createaccessrule.jpg
 
LVL 15

Expert Comment

by:getzjd
Keep in mind you may notice differences between the SonicWall Standard and Enhanced OS.
 
LVL 13

Expert Comment

by:cshepfam
(attached screenshot) http://i215.photobucket.com/albums/cc82/ThaMessiah_2007/sw-createaccessrule.jpg
 
LVL 13

Expert Comment

by:cshepfam
How about I just give you a direct link, lol. I was trying to paste the picture on here.

http://i215.photobucket.com/albums/cc82/ThaMessiah_2007/sw-createaccessrule.jpg
LVL 13

Expert Comment

by:cshepfam
It's simple, just choose Allow or Deny.

Pick the service you want to allow (such as SMTP, port 25) or deny (such as ICMP).

The rest is self-explanatory.
 

Author Comment

by:mutec1
What does this mean?

Priority  Source  Destination  Service  Action  Options  Enable  Configure
10        OPT     WAN          ANY      Allow            X
11        WAN     OPT          ANY      Deny             X

What does OPT mean?
What does WAN mean?
 
LVL 15

Expert Comment

by:getzjd
OPT is the OPT port on the back of the firewall. This is an optional port which is not active on some models.

WAN is the wide area networking port on the back of the firewall or, put simply, the Internet.

These rules state:
10. Any traffic/any service originating on the OPT port may be sent to the WAN port.
11. Any traffic/any service originating from the WAN (Internet) will NOT be sent to the OPT port.
 
LVL 15

Expert Comment

by:getzjd
The OPT port is usually used in SonicWall Enhanced OS for things like load balancing between dual network (Internet) connections, etc.
 
LVL 13

Accepted Solution

by: cshepfam (earned 500 total points)
Okay, here's what you need to know:

1. LAN - Local Area Network. This is computers on YOUR physical network. They are connected through Ethernet.

2. WAN - Wide Area Network. This is computers with a wireless access and computers accessing your network from external sources such as someone's home.

3. OPT - Already explained.

In setting up rules you have Allow and Deny. You want to Deny external (WAN) computers from accessing your network using ICMP. In this scenario, you are DENYing ICMP. The source is ANY, the destination is ANY or *. That means nobody from the outside will be able to ping anything on your network.

That's just a scenario. Just think of it like that.

Now let's say you have an external server such as a web server or mail server; on the Sonic firewall you would have to create a One to One NAT. That will allow outside sources to hit your server.

We'll get into that when you need it, let's just focus on the task ahead.
 
LVL 13

Expert Comment

by:cshepfam
 
LVL 15

Expert Comment

by:getzjd
Why do a one to one NAT? Simply do port forwarding for services such as port 80 for web and port 25 for SMTP mail traffic.

WAN - Wide Area Network. These computers are anything outside of your local area network: the Internet, etc.
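To make the rule semantics discussed in this thread concrete, here is an added example that is not from the thread and not SonicWall's own code. It models two things the answers cover: the priority-ordered Allow/Deny evaluation of a zone-to-zone rule table (rules 10 and 11 from the question plus the "deny ICMP from WAN" scenario in the accepted answer) and the difference between a One to One NAT and per-port forwarding raised in the comment above. Rule numbers, the zones, the public IP 203.0.113.10, the internal host 192.168.1.10 and the list of services it listens on are all constructed assumptions.

```python
"""Toy model of SonicWall-style zone access rules and destination NAT, used to
reason about what a rule table actually exposes to the Internet.
Constructed example: rule numbers, zones, the public IP 203.0.113.10 and the
internal host 192.168.1.10 are assumptions, not values from a real firewall."""
from dataclasses import dataclass
from typing import Optional, Tuple

ANY = "any"


@dataclass(frozen=True)
class Rule:
    """One row of the access-rule table; the lowest priority number wins."""
    priority: int
    src_zone: str      # "WAN", "LAN", "OPT" or ANY
    dst_zone: str
    service: str       # "tcp/80", "icmp", ... or ANY
    action: str        # "allow" or "deny"


@dataclass(frozen=True)
class NatEntry:
    """Maps a public IP (and optionally one service) to an internal host.
    service == ANY is a one-to-one NAT; a specific service is a port forward."""
    public_ip: str
    internal_ip: str
    service: str


def rule_matches(rule: Rule, src_zone: str, dst_zone: str, service: str) -> bool:
    return (rule.src_zone in (ANY, src_zone)
            and rule.dst_zone in (ANY, dst_zone)
            and rule.service in (ANY, service))


def evaluate(rules, src_zone, dst_zone, service) -> Tuple[str, Optional[int]]:
    """First matching rule in priority order decides; no match means deny.
    Returns (action, priority of the deciding rule, or None for the default)."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule_matches(rule, src_zone, dst_zone, service):
            return rule.action, rule.priority
    return "deny", None


def translate(nat, public_ip, service) -> Optional[str]:
    """Destination NAT: the internal host a WAN packet is forwarded to, or None."""
    for entry in nat:
        if entry.public_ip == public_ip and entry.service in (ANY, service):
            return entry.internal_ip
    return None


def exposed_services(nat, rules, public_ip, services_on_host) -> set:
    """Which of the host's listening services can the Internet actually reach?
    Reachable only if NAT forwards the service AND a WAN->LAN rule allows it."""
    reachable = set()
    for service in services_on_host:
        if translate(nat, public_ip, service) is None:
            continue
        action, _ = evaluate(rules, "WAN", "LAN", service)
        if action == "allow":
            reachable.add(service)
    return reachable


# Rules 10 and 11 from the question, the ICMP deny from the accepted answer,
# and explicit allows for just the web and mail ports (constructed).
TIGHT_RULES = [
    Rule(10, "OPT", "WAN", ANY, "allow"),
    Rule(11, "WAN", "OPT", ANY, "deny"),
    Rule(20, "WAN", "LAN", "icmp", "deny"),
    Rule(30, "WAN", "LAN", "tcp/80", "allow"),
    Rule(31, "WAN", "LAN", "tcp/25", "allow"),
]
# The shortcut sometimes taken after a one-to-one NAT: allow everything in.
LAX_RULES = [Rule(30, "WAN", "LAN", ANY, "allow")]

PUBLIC_IP, SERVER = "203.0.113.10", "192.168.1.10"        # constructed
ONE_TO_ONE = [NatEntry(PUBLIC_IP, SERVER, ANY)]
PORT_FORWARD = [NatEntry(PUBLIC_IP, SERVER, "tcp/80"),
                NatEntry(PUBLIC_IP, SERVER, "tcp/25")]
# Everything the server happens to listen on, not only what it should serve.
SERVER_LISTENS = ["tcp/80", "tcp/25", "tcp/3389", "tcp/445", "icmp"]

if __name__ == "__main__":
    print("OPT->WAN https:", evaluate(TIGHT_RULES, "OPT", "WAN", "tcp/443"))
    print("WAN->OPT https:", evaluate(TIGHT_RULES, "WAN", "OPT", "tcp/443"))
    print("WAN->LAN ping :", evaluate(TIGHT_RULES, "WAN", "LAN", "icmp"))
    for nat_name, nat in (("one-to-one NAT", ONE_TO_ONE), ("port forward", PORT_FORWARD)):
        for rule_name, rules in (("tight rules", TIGHT_RULES), ("lax rules", LAX_RULES)):
            reach = sorted(exposed_services(nat, rules, PUBLIC_IP, SERVER_LISTENS))
            print(f"{nat_name:14s} + {rule_name}: {reach}")
```

Two things to take from running it: first-match ordering matters (if the ICMP deny sat below a broad WAN->LAN allow it would never be reached), and a port forward bounds exposure to the forwarded ports even when the access rule is sloppy, whereas a one-to-one NAT combined with an "allow any" rule exposes every port the server listens on, RDP and SMB included.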
 

Author Comment

by:mutec1
What does Untrust Intra-zone policy mean?

For example:

Source  Destination  Service  Action
any     any          any      green check mark

What is RDP?
