

Program a Sonicwall TZ100...

Posted on 2011-09-06
Medium Priority
Last Modified: 2012-05-12
I had two Hotbrick hardware firewalls; they both failed and the company ceased to exist... The nice thing was how easy it was to set up a whitelist: just enter some numerical URLs, declare them as whitelist and voila!! The entire internet was blocked off except for a few chosen commercial URLs which I wanted my Windows machine to access. There was no need for any antivirus, antispyware, Windows updates, etc., and the XP machine ran flawlessly all day every day... It would not accept URLs with the :port tacked on the end; that would have been nicer... So I'm looking for alternatives. I REALLY don't want to mess with Linux, so Smoothwall and DD-WRT are out... So I had this SonicWall thingy sitting here, and I decided to try to find out if it would do what I want without paying them for a subscription service... I got on their forum and got a sort of ambiguous reply, so I'm asking here...

I'm looking for specific instructions for entering a list of URLs and making them the only URLs available to a single Windows computer on a SonicWall TZ100 hardware firewall... I'll want undetectability and SPI also, but I can probably suss that out...
Question by: FuturesTrader
LVL 17

Assisted Solution

OriNetworks earned 1000 total points
ID: 36495099
Most of the advanced filtering services from SonicWall are only available with paid licensing to activate those features. Other than that, you're stuck configuring firewall rules using IP addresses of the websites you want to access.

I wouldn't say you're secure by any means with this type of setup, only blinded by what could happen, although I certainly agree your scope of vulnerability is more limited, which is good. First you want to make sure a few of the basic firewall rules are allowed. You could create address groups in its firewall for DNSWhitelist, HTTPWhitelist, HTTPSWhitelist, then add your IP addresses to that. This would be easier to maintain by just adding addresses to the group rather than creating new rules each time you want to whitelist a client.

LAN->LAN = source=all, destination=all, ports=all
LAN->WAN = source=LAN, destination=DNSWhitelist, ports=DNS
LAN->WAN = source=LAN, destination=HTTPWhitelist, ports=HTTP(80)
LAN->WAN = source=LAN, destination=HTTPSWhitelist, ports=HTTPS(443)

Accepted Solution

amatson78 earned 1000 total points
ID: 36495561
Just remember the SonicWALL follows a top-down order. Make the first lines with the destinations you want allowed and the deny statements at the bottom :) You can also group the ports (services) so you can have a list with one Firewall outbound rule instead of multiple for each port. This uses less resources on the SonicWALL.

Alan, SonicWALL CSSA
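
A small model of the rule set and the top-down ordering described in the two answers above, added here as an example (it is not code from the posters or from SonicWall, and it is not SonicOS syntax). The addresses are constructed documentation-range values, and the first-match evaluator and the `shadowed` check are illustrative assumptions.

```python
import ipaddress

# Constructed address groups (documentation ranges), named as in the answer above.
GROUPS = {
    "DNSWhitelist":   ["192.0.2.53"],
    "HTTPWhitelist":  ["198.51.100.10"],
    "HTTPSWhitelist": ["198.51.100.10", "203.0.113.0/28"],
    "Any":            ["0.0.0.0/0"],
}
# Services as (protocol, port) pairs; None matches every protocol and port.
SERVICES = {
    "DNS":   {("udp", 53), ("tcp", 53)},
    "HTTP":  {("tcp", 80)},
    "HTTPS": {("tcp", 443)},
    "Any":   None,
}

def rule_matches(rule, dst, proto, port):
    """True when dst is in the rule's address group and the service matches."""
    nets = [ipaddress.ip_network(n) for n in GROUPS[rule["dst"]]]
    in_group = any(ipaddress.ip_address(dst) in n for n in nets)
    svc = SERVICES[rule["svc"]]
    return in_group and (svc is None or (proto, port) in svc)

def evaluate(rules, dst, proto, port):
    """Top-down, first match wins. Returns (action, index of matching rule)."""
    for index, rule in enumerate(rules):
        if rule_matches(rule, dst, proto, port):
            return rule["action"], index
    # Nothing matched: the model reports that instead of guessing a device default.
    return "no-match", None

def shadowed(rules):
    """Indexes of rules sitting below an Any/Any rule; they can never match."""
    for i, rule in enumerate(rules):
        if rule["dst"] == "Any" and rule["svc"] == "Any":
            return list(range(i + 1, len(rules)))
    return []

# Allow rules first, catch-all deny last (the order recommended above).
WHITELIST = [
    {"dst": "DNSWhitelist",   "svc": "DNS",   "action": "allow"},
    {"dst": "HTTPWhitelist",  "svc": "HTTP",  "action": "allow"},
    {"dst": "HTTPSWhitelist", "svc": "HTTPS", "action": "allow"},
    {"dst": "Any",            "svc": "Any",   "action": "deny"},
]
# Same rules with the deny moved to the top: every allow rule is shadowed.
MISORDERED = [WHITELIST[3]] + WHITELIST[:3]
```

Running `shadowed()` over an exported rule list before applying it catches the ordering mistake, and `evaluate(WHITELIST[:3], ...)` shows that without the explicit deny at the bottom, non-whitelisted traffic is left to whatever the device does by default.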
LVL 33

Expert Comment

ID: 36496559
@Alan :: I've noticed that SW has instituted allowed and forbidden domains globally and per CFS policy...finally. In the past, setting up a whitelist was impossible within the SonicWall and I've had to use something like CCProxy instead. With this new feature (and possibly others), is a whitelist possible or is that not something I should hold my breath for? Seems creating whitelist access to the Internet (as FuturesTrader has indicated) is the best way to curtail malicious infections on users' workstations (minus removing Internet access, period). Thanks for the feedback!

Expert Comment

ID: 36500284
@Digitap, AFAIK they are not looking at implementing an import-type solution. As of 5.8.1 it is still the enter-one-line-at-a-time method, or integrate with something 3rd party with a proxy such as Websense.
LVL 33

Expert Comment

ID: 36500379
@Alan :: That seems to fit what I've seen. Thanks for confirming.
