Solved

Program a Sonicwall TZ100...

Posted on 2011-09-06
Last Modified: 2012-05-12
I had two Hotbrick hardware firewalls; they both failed and the company ceased to exist... The nice thing was how easy it was to set up a whitelist: just enter some numerical URLs, declare them as whitelist and voila!! The entire internet was blocked off except for a few chosen commercial URLs which I wanted my Windows machine to access. There was no need for any antivirus, antispyware, Windows updates, etc., and the XP machine ran flawlessly all day every day... It would not accept URLs with the :port tacked on the end; that would have been nicer... So I'm looking for alternatives. I REALLY don't want to mess with Linux so Smoothwall and DD-WRT are out... So I had this SonicWall thingy sitting here, and I decided to try to find out if it would do what I want without paying them for a subscription service... I got on their forum and got a sort of ambiguous reply so I'm asking here...

I'm looking for specific instructions for entering a list of URLs and making them the only URLs available to a single Windows computer on a SonicWall TZ100 hardware firewall... I'll want undetectability and SPI also but I can probably suss that out...
Question by:FuturesTrader
LVL 17

Assisted Solution

by:OriNetworks
OriNetworks earned 250 total points
ID: 36495099
Most of the advanced filtering services from SonicWall are only available with paid licensing to activate those features. Other than that, you're stuck configuring firewall rules using IP addresses of the websites you want to access.

I wouldn't say you're secure by any means with this type of setup, only blinded by what could happen, although I certainly agree your scope of vulnerability is more limited, which is good. First you want to make sure a few of the basic firewall rules are allowed. You could create address groups in its firewall for DNSWhitelist, HTTPWhitelist, HTTPSWhitelist, then add your IP addresses to that. This would be easier to maintain by just adding addresses to the group rather than creating new rules each time you want to whitelist a client.

LAN->LAN = source=all, destination=all, ports=all
LAN->WAN = source=LAN, destination=DNSWhitelist, ports=DNS
LAN->WAN = source=LAN, destination=HTTPWhitelist, ports=HTTP(80)
LAN->WAN = source=LAN, destination=HTTPSWhitelist, ports=HTTPS(443)
 
LVL 8

Accepted Solution

by:amatson78
amatson78 earned 250 total points
ID: 36495561
Just remember the SonicWALL follows a top down order. Make the first lines with the destinations you want allowed and the deny statements at the bottom :) You can also group the ports (services) so you can have a list with one Firewall outbound rule instead of multiple for each port. This uses less resources on the SonicWALL.

Alan, SonicWALL CSSA
0
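Added example, not part of the thread and not SonicWall configuration syntax: a small first-match model of the LAN->WAN rules from the two answers above, with the catch-all deny at the bottom, so a whitelist can be checked before it is typed into the appliance. The addresses are constructed from documentation ranges, and the first-match semantics, the `Any` deny rule and the function names are assumptions of this sketch.

```python
import ipaddress

# Constructed address groups (documentation-range IPs, not real sites).
GROUPS = {
    "DNSWhitelist":   ["192.0.2.53"],
    "HTTPWhitelist":  ["198.51.100.10", "198.51.100.11"],
    "HTTPSWhitelist": ["198.51.100.10", "203.0.113.0/28"],
}
# Service groups: one name can cover several protocol/port pairs.
SERVICES = {
    "DNS":   {("udp", 53), ("tcp", 53)},
    "HTTP":  {("tcp", 80)},
    "HTTPS": {("tcp", 443)},
    "Any":   None,  # None means every protocol and port
}
# LAN->WAN rules in priority order: allows first, catch-all deny last.
RULES = [
    ("allow", "DNSWhitelist",   "DNS"),
    ("allow", "HTTPWhitelist",  "HTTP"),
    ("allow", "HTTPSWhitelist", "HTTPS"),
    ("deny",  "Any",            "Any"),
]

def in_group(dst, group):
    """True if dst falls inside any host or subnet listed in the group."""
    if group == "Any":
        return True
    addr = ipaddress.ip_address(dst)
    return any(addr in ipaddress.ip_network(m) for m in GROUPS[group])

def evaluate(rules, dst, proto, port):
    """Return (action, rule index) of the first rule matching the packet."""
    for i, (action, group, service) in enumerate(rules):
        ports = SERVICES[service]
        if in_group(dst, group) and (ports is None or (proto, port) in ports):
            return action, i
    return "deny", None  # nothing matched: treat as denied

def shadowed(rules):
    """Indexes of rules that can never fire because an any/any rule precedes them."""
    for i, (_, group, service) in enumerate(rules):
        if group == "Any" and service == "Any":
            return list(range(i + 1, len(rules)))
    return []
```

Running `shadowed()` on a rule list with the deny moved to the top reports every allow rule as unreachable, which is the ordering mistake the top-down note warns about.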
 
LVL 33

Expert Comment

by:digitap
ID: 36496559
@Alan :: I've noticed that SW has instituted allowed and forbidden domains globally and per CFS policy...finally. In the past, setting up a whitelist was impossible within the SonicWall and I've had to use something like CCProxy instead. With this new feature (and possibly others) is a whitelist possible or is that not something I should hold my breath for? Seems creating whitelist access to the Internet (as FuturesTrader has indicated) is the best way to curtail malicious infections on users' workstations (minus removing Internet access period). Thanks for the feedback!
 
LVL 8

Expert Comment

by:amatson78
ID: 36500284
@Digitap, AFAIK they are not looking at implementing an import type solution. As of 5.8.1 it is still the enter one line at a time method or integrate with something 3rd party with a proxy such as Websense.
 
LVL 33

Expert Comment

by:digitap
ID: 36500379
@Alan :: That seems to fit what I've seen. Thanks for confirming.