Solved

Sonicalwall Access Rules - most restrictive or least restrictive

Posted on 2010-09-21
5
540 Views
Last Modified: 2012-05-10
I am running a Sonicwall in enhanced mode. I have an access rule that allows port 25 traffic only from my email server to the wan which naturally stops infected machines from sending email to the WAN. I also have a rule that is set up as any - any from lan to wan.
The port 25 rule has a higher priority. Will the any to any service defeat my port 25 rule?
0
Comment
Question by:edwarddoylesr
  • 2
  • 2
5 Comments
 
LVL 1

Accepted Solution

by:
Dmapros earned 125 total points
ID: 33725754
Yes. The traffic is analyzed against the rule base to see which rule it will first match on. You can place another rule in between that has LAN - WAN Port 25 DENY. The mail server will still be able to send out mail because it will match on the rule you explicitly created for it.
0
 
LVL 8

Assisted Solution

by:jimmyray7
jimmyray7 earned 125 total points
ID: 33725919
The higher priority rule should take precedence, but you do need an explicit deny for the other hosts - Any->WAN port 25 DENY.
0
 

Author Comment

by:edwarddoylesr
ID: 33726871
I do have a deny for all other hosts that is one level lower than the allow for the mail server.
0
 
LVL 8

Expert Comment

by:jimmyray7
ID: 33727028
Then that should be sufficient.  You can test the rule with telnet from a workstation - open up a command prompt and 'telnet mx.west.cox.net 25'.  You shouldn't get a response.
0
 

Author Closing Comment

by:edwarddoylesr
ID: 33769707
This worked exactly as I wanted.
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

We sought a budget ($5,000) firewall solution that would provide all the performance we needed with no single point of failure.  Hosting a SAAS web application in our datacenter, it was critical that we find a way to keep connectivity up and inbound…
Imagine you have a shopping list of items you need to get at the grocery store. You have two options: A. Take one trip to the grocery store and get everything you need for the week, or B. Take multiple trips, buying an item at a time, to achieve t…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now