• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1720
  • Last Modified:

Sonicwall route policies / address objects

I am setting up a SonicWall TZ100 and have a few questions regarding the meaning of some of the address objects and how they work in route policies.  For example, here are the default route policies showing:

       Source                                Destination                           Service     Gateway                   Interface
 1    Any                                        Any                       X0  
 2    Any                                     Default Gateway                    Any                       X1    
 3    Any                                     LAN Primary Subnet             Any                       X0      
 4    Any                                     WAN Primary Subnet            Any                       X1    
 5    WAN Primary Subnet          Any                                        Any            Default Gateway     X1      
 6    Any                                                            Any                 X1

X0 is the LAN, and X1 is the WAN.

So here are my questions:
1.  What is the technical definition of 'ANY'?  I ask this because rule 1 makes no sense to me.

2.  Rule 1:  What is the meaning of

3.  Rule 1:  Gateway - If the above was broadcast, why would it try to broadcast it to, or presumably the internet, especially since it won't work anyway?
  • 2
2 Solutions
When I need to explain the default route policies on a SW firewall, I always refer to this KB:http://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=5108Please review and post any followup questions.  Hope it helps!
1.  You can specify specific services you wish to allow to run through certain interfaces.  For instance, if you had a web server, you would route HTTP (port 80) to the IP address of the Web Service .  "Any", means Any...any and every service is routed the same way.  Unless/until you route traffic differently for different services (email server, web server, etc), you'll see "Any" a lot.

2. would be broadcasts.  The destination of X0 keeps them in your LAN.  

3.  A gateway of is a default route...Having it there simply says your not routing broadcast traffic to a specific gateway.  Again, the X0 keeps it in the LAN.  If the Interface were X1, then, yes, it would be trying to shove it onto whatever is connected to X1 (I presume a router/modem from your ISP).  

Nice devices, Sonicwalls.  I kind of miss them as my current position uses other gear.  I presume this SonicWall is running OS Enhanced, much more complex than the old OS Standard, but incredibly flexible, especially for routing.  I would advise running their wizards as you setup routing/firewall rules until you get the hang of what they are doing, and note the changes it makes.  That will help you understand the interface better.  Also do a good backup before any major changes...that probably kept me from getting fired a time or two, as I managed to brick a couple of them (though, in most cases, not so bad that I couldn't default them and restore the backup).  

Good luck!
B1izzardAuthor Commented:
Excellent info.  Thanks!
Your welcome and thanks for the points!
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now