Solved

Sonicwall route policies / address objects

Posted on 2010-09-20
4
1,525 Views
Last Modified: 2012-05-10
I am setting up a SonicWall TZ100 and have a few questions regarding the meaning of some of the address objects and how they work in route policies.  For example, here are the default route policies showing:

       Source                                Destination                           Service     Gateway                   Interface
 1    Any                                     255.255.255.255/32             Any            0.0.0.0                     X0  
 2    Any                                     Default Gateway                    Any            0.0.0.0                     X1    
 3    Any                                     LAN Primary Subnet             Any            0.0.0.0                     X0      
 4    Any                                     WAN Primary Subnet            Any            0.0.0.0                     X1    
 5    WAN Primary Subnet          Any                                        Any            Default Gateway     X1      
 6    Any                                     0.0.0.0/0                                 Any            68.175.1.1               X1

X0 is the LAN, and X1 is the WAN.

So here are my questions:
1.  What is the technical definition of 'ANY'?  I ask this because rule 1 makes no sense to me.

2.  Rule 1:  What is the meaning of 255.255.255.255/32?

3.  Rule 1:  Gateway 0.0.0.0 - If the above was broadcast, why would it try to broadcast it to 0.0.0.0, or presumably the internet, especially since it won't work anyway?
0
Comment
Question by:B1izzard
  • 2
4 Comments
 
LVL 33

Accepted Solution

by:
digitap earned 250 total points
ID: 33722207
When I need to explain the default route policies on a SW firewall, I always refer to this KB:http://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=5108Please review and post any followup questions.  Hope it helps!
0
 
LVL 4

Assisted Solution

by:chirkware
chirkware earned 250 total points
ID: 33722230
1.  You can specify specific services you wish to allow to run through certain interfaces.  For instance, if you had a web server, you would route HTTP (port 80) to the IP address of the Web Service .  "Any", means Any...any and every service is routed the same way.  Unless/until you route traffic differently for different services (email server, web server, etc), you'll see "Any" a lot.

2.  255.255.255.255/32 would be broadcasts.  The destination of X0 keeps them in your LAN.  

3.  A gateway of 0.0.0.0 is a default route...Having it there simply says your not routing broadcast traffic to a specific gateway.  Again, the X0 keeps it in the LAN.  If the Interface were X1, then, yes, it would be trying to shove it onto whatever is connected to X1 (I presume a router/modem from your ISP).  

Nice devices, Sonicwalls.  I kind of miss them as my current position uses other gear.  I presume this SonicWall is running OS Enhanced, much more complex than the old OS Standard, but incredibly flexible, especially for routing.  I would advise running their wizards as you setup routing/firewall rules until you get the hang of what they are doing, and note the changes it makes.  That will help you understand the interface better.  Also do a good backup before any major changes...that probably kept me from getting fired a time or two, as I managed to brick a couple of them (though, in most cases, not so bad that I couldn't default them and restore the backup).  

Good luck!
0
 

Author Closing Comment

by:B1izzard
ID: 33842792
Excellent info.  Thanks!
0
 
LVL 33

Expert Comment

by:digitap
ID: 33844438
Your welcome and thanks for the points!
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Problem Description:   Couple of months ago we upgraded the ADSL line at our branch office from Home to Business line. The purpose of transforming the service to have static public IP’s. We were in need for public IP’s to publish our web resour…
Before I go to far, let's explain HA (High Availability) and why you should consider it.  High availability is the mechanism used to provide redundancy to any service at the same site and appears as a single service to the users of that service.  As…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now