Solved

Sonicalwall Access Rules - most restrictive or least restrictive

Posted on 2010-09-21
5
545 Views
Last Modified: 2012-05-10
I am running a Sonicwall in enhanced mode. I have an access rule that allows port 25 traffic only from my email server to the wan which naturally stops infected machines from sending email to the WAN. I also have a rule that is set up as any - any from lan to wan.
The port 25 rule has a higher priority. Will the any to any service defeat my port 25 rule?
0
Comment
Question by:edwarddoylesr
  • 2
  • 2
5 Comments
 
LVL 1

Accepted Solution

by:
Dmapros earned 125 total points
ID: 33725754
Yes. The traffic is analyzed against the rule base to see which rule it will first match on. You can place another rule in between that has LAN - WAN Port 25 DENY. The mail server will still be able to send out mail because it will match on the rule you explicitly created for it.
0
 
LVL 8

Assisted Solution

by:jimmyray7
jimmyray7 earned 125 total points
ID: 33725919
The higher priority rule should take precedence, but you do need an explicit deny for the other hosts - Any->WAN port 25 DENY.
0
 

Author Comment

by:edwarddoylesr
ID: 33726871
I do have a deny for all other hosts that is one level lower than the allow for the mail server.
0
 
LVL 8

Expert Comment

by:jimmyray7
ID: 33727028
Then that should be sufficient.  You can test the rule with telnet from a workstation - open up a command prompt and 'telnet mx.west.cox.net 25'.  You shouldn't get a response.
0
 

Author Closing Comment

by:edwarddoylesr
ID: 33769707
This worked exactly as I wanted.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

We sought a budget ($5,000) firewall solution that would provide all the performance we needed with no single point of failure.  Hosting a SAAS web application in our datacenter, it was critical that we find a way to keep connectivity up and inbound…
Optimal Xbox 360 connectivity requires "OPEN NAT". If you use Juniper Netscreen or SSG firewall products in a home setting, the following steps will allow you get rid of the dreaded warning screen below and achieve the best online gaming environment…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question