Solved

Sonicalwall Access Rules - most restrictive or least restrictive

Posted on 2010-09-21
5
546 Views
Last Modified: 2012-05-10
I am running a Sonicwall in enhanced mode. I have an access rule that allows port 25 traffic only from my email server to the wan which naturally stops infected machines from sending email to the WAN. I also have a rule that is set up as any - any from lan to wan.
The port 25 rule has a higher priority. Will the any to any service defeat my port 25 rule?
0
Comment
Question by:edwarddoylesr
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 1

Accepted Solution

by:
Dmapros earned 125 total points
ID: 33725754
Yes. The traffic is analyzed against the rule base to see which rule it will first match on. You can place another rule in between that has LAN - WAN Port 25 DENY. The mail server will still be able to send out mail because it will match on the rule you explicitly created for it.
0
 
LVL 8

Assisted Solution

by:jimmyray7
jimmyray7 earned 125 total points
ID: 33725919
The higher priority rule should take precedence, but you do need an explicit deny for the other hosts - Any->WAN port 25 DENY.
0
 

Author Comment

by:edwarddoylesr
ID: 33726871
I do have a deny for all other hosts that is one level lower than the allow for the mail server.
0
 
LVL 8

Expert Comment

by:jimmyray7
ID: 33727028
Then that should be sufficient.  You can test the rule with telnet from a workstation - open up a command prompt and 'telnet mx.west.cox.net 25'.  You shouldn't get a response.
0
 

Author Closing Comment

by:edwarddoylesr
ID: 33769707
This worked exactly as I wanted.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Optimal Xbox 360 connectivity requires "OPEN NAT". If you use Juniper Netscreen or SSG firewall products in a home setting, the following steps will allow you get rid of the dreaded warning screen below and achieve the best online gaming environment…
Network traffic routing plays key role in your network, if you have single site with heavy browsing or multiple sites, replicating important application data from your Primary Default Gateway ,you have to route your other network traffic from your p…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

735 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question