Sonicwall route policies / address objects

Posted on 2010-09-20
Last Modified: 2012-05-10
I am setting up a SonicWall TZ100 and have a few questions regarding the meaning of some of the address objects and how they work in route policies.  For example, here are the default route policies showing:

       Source                                Destination                           Service     Gateway                   Interface
 1    Any                                        Any                       X0  
 2    Any                                     Default Gateway                    Any                       X1    
 3    Any                                     LAN Primary Subnet             Any                       X0      
 4    Any                                     WAN Primary Subnet            Any                       X1    
 5    WAN Primary Subnet          Any                                        Any            Default Gateway     X1      
 6    Any                                                            Any                 X1

X0 is the LAN, and X1 is the WAN.

So here are my questions:
1.  What is the technical definition of 'ANY'?  I ask this because rule 1 makes no sense to me.

2.  Rule 1:  What is the meaning of

3.  Rule 1:  Gateway - If the above was broadcast, why would it try to broadcast it to, or presumably the internet, especially since it won't work anyway?
Question by:B1izzard
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
LVL 33

Accepted Solution

digitap earned 250 total points
ID: 33722207
When I need to explain the default route policies on a SW firewall, I always refer to this KB: review and post any followup questions.  Hope it helps!

Assisted Solution

chirkware earned 250 total points
ID: 33722230
1.  You can specify specific services you wish to allow to run through certain interfaces.  For instance, if you had a web server, you would route HTTP (port 80) to the IP address of the Web Service .  "Any", means Any...any and every service is routed the same way.  Unless/until you route traffic differently for different services (email server, web server, etc), you'll see "Any" a lot.

2. would be broadcasts.  The destination of X0 keeps them in your LAN.  

3.  A gateway of is a default route...Having it there simply says your not routing broadcast traffic to a specific gateway.  Again, the X0 keeps it in the LAN.  If the Interface were X1, then, yes, it would be trying to shove it onto whatever is connected to X1 (I presume a router/modem from your ISP).  

Nice devices, Sonicwalls.  I kind of miss them as my current position uses other gear.  I presume this SonicWall is running OS Enhanced, much more complex than the old OS Standard, but incredibly flexible, especially for routing.  I would advise running their wizards as you setup routing/firewall rules until you get the hang of what they are doing, and note the changes it makes.  That will help you understand the interface better.  Also do a good backup before any major changes...that probably kept me from getting fired a time or two, as I managed to brick a couple of them (though, in most cases, not so bad that I couldn't default them and restore the backup).  

Good luck!

Author Closing Comment

ID: 33842792
Excellent info.  Thanks!
LVL 33

Expert Comment

ID: 33844438
Your welcome and thanks for the points!

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are two basic ways to configure a static route for Cisco IOS devices. I've written this article to highlight a case study comparing the configuration of a static route using the next-hop IP and the configuration of a static route using an outg…
Before I go to far, let's explain HA (High Availability) and why you should consider it.  High availability is the mechanism used to provide redundancy to any service at the same site and appears as a single service to the users of that service.  As…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question