Solved

How to read the rules on a sonic wall firewall

Posted on 2007-11-20
Last Modified: 2008-03-19
Can you provide a generic screen shot of a SonicWall firewall access rules.

How do I know that my network is protected based on the rules?

Thanks
Question by:mutec1
15 Comments
 
LVL 15

Expert Comment

by:getzjd
ID: 20322259
If you look at the WAN --> LAN section, this is where you allow/deny traffic inbound.

http://www.4shared.com/file/29885406/83d0f4ac/sonicwall1.html   Click on the picture for a full view

This is a basic setup.  I only allow VPN traffic and management of the firewall.  The management of the SonicWall externally is restricted to only my home IP address.

No other ports should be opened.

 
LVL 13

Expert Comment

by:cshepfam
ID: 20322261
http://i215.photobucket.com/albums/cc82/ThaMessiah_2007/sw-createaccessrule.jpg
 
LVL 15

Expert Comment

by:getzjd
ID: 20322273
Keep in mind you may notice differences between the SonicWall Standard and Enhanced OS.
 
LVL 13

Expert Comment

by:cshepfam
ID: 20322282
How about I just give you a direct link... lol.  I was trying to paste the picture on here.

http://i215.photobucket.com/albums/cc82/ThaMessiah_2007/sw-createaccessrule.jpg
 
LVL 13

Expert Comment

by:cshepfam
ID: 20322291
It's simple, just choose Allow or Deny.

Pick the service you want to allow (such as SMTP, port 25) or deny (such as ICMP).

The rest is self-explanatory.
 

Author Comment

by:mutec1
ID: 20322438
What does this mean?

Priority  Source  Destination  Service  Action  Options  Enable  Configure
10        OPT     WAN          ANY      Allow            X
11        WAN     OPT          ANY      Deny             X

What does OPT mean?
What does WAN mean?
 
LVL 15

Expert Comment

by:getzjd
ID: 20322463
OPT is the OPT port on the back of the firewall.  This is an optional port which is not active on some models.

WAN is the wide area networking port on the back of the firewall, or, put simply, the Internet.

These rules state:
10. Any traffic/any service originating on the OPT port may be sent to the WAN port.
11. Any traffic/any service originating from the WAN (Internet) will NOT be sent to the OPT port.
 
LVL 15

Expert Comment

by:getzjd
ID: 20322474
The OPT port is usually used in SonicWall Enhanced OS for things like load balancing between dual network (Internet) connections, etc.
 
LVL 13

Accepted Solution

by:
cshepfam earned 500 total points
ID: 20322528
Okay, here's what you need to know:


1. LAN - Local Area Network.  These are the computers on YOUR physical network.  They are connected through Ethernet.

2. WAN - Wide Area Network.  These are computers with wireless access and computers accessing your network from external sources such as someone's home.

3. OPT - Already explained.


In setting up rules you have Allow and Deny.  You want to Deny external (WAN) computers from accessing your network using ICMP.  In this scenario, you are DENYing ICMP.  The source is ANY, the destination is ANY or *.  That means nobody from the outside will be able to ping anything on your network.


That's just a scenario.  Just think of it like that.


Now let's say you have an external server such as a web server or mail server. On the SonicWall firewall you would have to create a One-to-One NAT.  That will allow outside sources to hit your server.

We'll get into that when you need it; let's just focus on the task ahead.
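The rule table this thread reads line by line (getzjd's "only VPN and management from my home IP, no other ports open", the asker's OPT/WAN rules 10 and 11, and the accepted answer's "deny ICMP from WAN, any to any" scenario) can be modelled and checked in a few dozen lines. The following is an added example, not code from the thread or from SonicWall: it evaluates a priority-ordered, zone-based access-rule table with first-match semantics, lists what the WAN is allowed to reach so you can compare it with what you meant to open, and flags rules that an earlier rule makes dead. The services, rule numbers, the admin's "home IP" 203.0.113.10, and the default deny for flows no rule covers are assumptions of the model, not SonicOS defaults.

```python
# Added example, not code from the thread or from SonicWall: a model of a
# priority-ordered, zone-based access-rule table like the one quoted above,
# plus the checks that answer "is my network protected by these rules?".
# Zones follow the thread (WAN, LAN, OPT). The services, rule numbers and the
# admin's "home IP" 203.0.113.10 are assumed values chosen for illustration.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY = "any"

@dataclass(frozen=True)
class Rule:
    priority: int        # lower number is evaluated first
    src_zone: str        # where the traffic originates: WAN, LAN, OPT
    dst_zone: str        # where it is headed
    service: str         # "any", "ICMP", "UDP/500", "TCP/443", ...
    action: str          # "Allow" or "Deny"
    src_net: str = ANY   # optional source restriction, e.g. "203.0.113.10/32"

@dataclass(frozen=True)
class Flow:
    src_zone: str
    dst_zone: str
    service: str
    src_ip: str

def matches(rule: Rule, flow: Flow) -> bool:
    if (rule.src_zone, rule.dst_zone) != (flow.src_zone, flow.dst_zone):
        return False
    if rule.service != ANY and rule.service != flow.service:
        return False
    if rule.src_net != ANY and ip_address(flow.src_ip) not in ip_network(rule.src_net):
        return False
    return True

def decide(rules, flow: Flow, default: str = "Deny"):
    """First matching rule wins; with no match, fall back to the default (assumed deny)."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if matches(rule, flow):
            return rule.action, rule.priority
    return default, None

def inbound_exposure(rules, untrusted: str = "WAN"):
    """Everything the untrusted zone is allowed to reach, as
    {(dst_zone, service): [source nets]}. Compare it with the short list you
    meant to open; anything else is an extra open port."""
    exposure = {}
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.src_zone == untrusted and rule.action == "Allow":
            exposure.setdefault((rule.dst_zone, rule.service), []).append(rule.src_net)
    return exposure

def shadowed(rules):
    """Priorities of rules that can never match, because an earlier rule for
    the same zone pair already covers every flow they would match."""
    ordered = sorted(rules, key=lambda r: r.priority)
    dead = []
    for i, later in enumerate(ordered):
        for earlier in ordered[:i]:
            same_zones = (earlier.src_zone, earlier.dst_zone) == (later.src_zone, later.dst_zone)
            covers_service = earlier.service in (ANY, later.service)
            covers_source = earlier.src_net in (ANY, later.src_net)
            if same_zones and covers_service and covers_source:
                dead.append(later.priority)
                break
    return dead

# The table under discussion, reconstructed from the thread (services assumed).
RULES = [
    Rule(1, "WAN", "LAN", "ICMP", "Deny"),                         # accepted answer: nobody outside can ping in
    Rule(2, "WAN", "LAN", "UDP/500", "Allow"),                     # IKE, for the VPN
    Rule(3, "WAN", "LAN", "ESP", "Allow"),                         # IPsec payload, for the VPN
    Rule(4, "WAN", "LAN", "TCP/443", "Allow", "203.0.113.10/32"),  # management, from the home IP only
    Rule(5, "WAN", "LAN", ANY, "Deny"),                            # "no other ports should be opened"
    Rule(10, "OPT", "WAN", ANY, "Allow"),                          # the asker's rule 10
    Rule(11, "WAN", "OPT", ANY, "Deny"),                           # the asker's rule 11
]

# A broken variant: a catch-all allow was added at the top. Every later
# WAN->LAN rule is now dead and the Internet can reach anything on the LAN.
BAD_RULES = [Rule(0, "WAN", "LAN", ANY, "Allow")] + RULES

if __name__ == "__main__":
    for flow in [
        Flow("WAN", "LAN", "TCP/443", "203.0.113.10"),   # the admin, from home
        Flow("WAN", "LAN", "TCP/443", "198.51.100.7"),   # a stranger trying management
        Flow("WAN", "LAN", "ICMP", "198.51.100.7"),      # ping from the Internet
        Flow("OPT", "WAN", "TCP/80", "10.20.0.5"),       # an OPT host browsing out
        Flow("WAN", "OPT", "TCP/3389", "198.51.100.7"),  # RDP from the Internet to OPT
    ]:
        print(flow, "->", decide(RULES, flow))
    print("exposed from WAN:", inbound_exposure(RULES))
    print("dead rules in BAD_RULES:", shadowed(BAD_RULES))
```

Reading the output is the same exercise as reading the rule page: the admin's management session matches rule 4 and is allowed, the same session from any other address falls through to rule 5 and is denied, and `inbound_exposure` shows exactly three things reachable from the Internet (IKE, ESP, and HTTPS from one address). On the broken table, `shadowed` reports rules 1 through 5 as dead, which is how a deny-everything rule ends up protecting nothing.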
LVL 15

Expert Comment

by:getzjd
ID: 20322559
Why do a one to one nat?  Simply do port forwarding for services such as port 80 for web and port 25 for SMTP mail traffic.

WAN - Wide Area network.  These computers are anything outside of your local area network. Internet etc
 

Author Comment

by:mutec1
ID: 20842108
What does Untrust Intra-zone policy mean?

For example:

Source  Destination  Service  Action
any     any          any      green check mark

What is RDP?
