Program a Sonicwall TZ100...

Posted on 2011-09-06
Last Modified: 2012-05-12
I had two Hotbrick hardware firewalls; they both failed and the company ceased to exist... The nice thing was how easy it was to set up a whitelist: just enter some numerical URLs, declare them as whitelist and voila!! The entire internet was blocked off except for a few chosen commercial URLs which I wanted my Windows machine to access. There was no need for any antivirus, antispyware, Windows updates, etc., and the XP machine ran flawlessly all day every day... It would not accept URLs with the :port tacked on the end; that would have been nicer... So I'm looking for alternatives. I REALLY don't want to mess with Linux so Smoothwall and DD-WRT are out... so I had this SonicWall thingy sitting here, and I decided to try to find out if it would do what I want without paying them for a subscription service... I got on their forum and got a sort of ambiguous reply so I'm asking here....

I'm looking for specific instructions for entering a list of URLs and making them the only URLs available to a single Windows computer on a SonicWall TZ100 hardware firewall... I'll want undetectability and SPI also but I can probably suss that out...
Question by:FuturesTrader
LVL 17

Assisted Solution

OriNetworks earned 250 total points
ID: 36495099
Most of the advanced filtering services from SonicWall are only available with paid licensing to activate those features. Other than that, you're stuck configuring firewall rules using IP addresses of the websites you want to access.

I wouldn't say you're secure by any means with this type of setup, only blinded to what could happen, although I certainly agree your scope of vulnerability is more limited, which is good. First you want to make sure a few of the basic firewall rules are allowed. You could create address groups in its firewall for DNSWhitelist, HTTPWhitelist, HTTPSWhitelist, then add your IP addresses to them. This would be easier to maintain by just adding addresses to the group rather than creating new rules each time you want to whitelist a client.

LAN->LAN = source=all, destination=all, ports=all
LAN->WAN = source=LAN, destination=DNSWhitelist, ports=DNS
LAN->WAN = source=LAN, destination=HTTPWhitelist, ports=HTTP(80)
LAN->WAN = source=LAN, destination=HTTPSWhitelist, ports=HTTPS(443)

Accepted Solution

amatson78 earned 250 total points
ID: 36495561
Just remember the SonicWALL follows a top down order. Make the first lines with the destinations you want allowed and the deny statements at the bottom :) You can also group the ports (services) so you can have a list with one Firewall outbound rule instead of multiple for each port. This uses less resources on the SonicWALL.

Alan, SonicWALL CSSA
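
A small model of the rule set from the two answers above, added here as an example; it is not part of the original thread and is not SonicOS configuration. It shows first-match, top-down evaluation over the DNSWhitelist/HTTPWhitelist/HTTPSWhitelist groups and flags allow rules that a misplaced catch-all deny would shadow. The IP addresses are constructed documentation-range values, and `evaluate` and `shadowed` are hypothetical helper names.

```python
from ipaddress import ip_address, ip_network

# Constructed sample data: documentation-range IPs stand in for the real
# DNS resolver and the whitelisted sites.
GROUPS = {
    "DNSWhitelist":   ["192.0.2.53/32"],
    "HTTPWhitelist":  ["198.51.100.10/32", "198.51.100.20/32"],
    "HTTPSWhitelist": ["198.51.100.10/32", "203.0.113.0/28"],
    "Any":            ["0.0.0.0/0"],
}
# Service groups; None means every protocol and port.
SERVICES = {"DNS": {("udp", 53), ("tcp", 53)}, "HTTP": {("tcp", 80)},
            "HTTPS": {("tcp", 443)}, "Any": None}

# LAN->WAN rules in evaluation order: allows first, catch-all deny last.
RULES = [
    ("allow", "DNSWhitelist", "DNS"),
    ("allow", "HTTPWhitelist", "HTTP"),
    ("allow", "HTTPSWhitelist", "HTTPS"),
    ("deny", "Any", "Any"),
]

def in_group(dst, group):
    """True if the destination IP falls inside any network of the address group."""
    return any(ip_address(dst) in ip_network(net) for net in GROUPS[group])

def evaluate(rules, dst, proto, port):
    """Return (action, rule_index) of the first matching rule, top down."""
    for i, (action, group, service) in enumerate(rules):
        svc = SERVICES[service]
        if in_group(dst, group) and (svc is None or (proto, port) in svc):
            return action, i
    return "deny", None  # nothing matched: treat as denied

def shadowed(rules):
    """Indexes of allow rules placed after an Any/Any deny (they can never match)."""
    hits, blocked = [], False
    for i, (action, group, service) in enumerate(rules):
        if blocked and action == "allow":
            hits.append(i)
        if action == "deny" and group == "Any" and service == "Any":
            blocked = True
    return hits

if __name__ == "__main__":
    print(evaluate(RULES, "198.51.100.10", "tcp", 443))   # whitelisted HTTPS site
    print(evaluate(RULES, "198.51.100.20", "tcp", 443))   # HTTP-only site on 443
    print(shadowed([RULES[3]] + RULES[:3]))               # deny moved to the top
```

Because each address group is tied to one service, a host listed only in HTTPWhitelist is still denied on port 443, which is the per-port scoping the rule list above relies on.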
LVL 33

Expert Comment

ID: 36496559
@Alan :: I've noticed that SW has instituted allowed and forbidden domains globally and per CFS policy...finally. In the past, setting up a whitelist was impossible within the SonicWall and I've had to use something like CCProxy instead. With this new feature (and possibly others) is a whitelist possible or is that not something I should hold my breath for? Seems creating whitelist access to the Internet (as FuturesTrader has indicated) is the best way to curtail malicious infections on users' workstations (minus removing Internet access, period). Thanks for the feedback!

Expert Comment

ID: 36500284
@Digitap, AFAIK they are not looking at implementing an import-type solution. As of 5.8.1 it is still the enter-one-line-at-a-time method, or integrate with something 3rd party with a proxy such as Websense.
LVL 33

Expert Comment

ID: 36500379
@Alan :: That seems to fit what I've seen. Thanks for confirming.
