Program a Sonicwall TZ100...

Posted on 2011-09-06
Last Modified: 2012-05-12
I had two Hotbrick hardware firewalls, they both failed and the company ceased to exist... The nice thing was how easy it was to set up a whitelist, just enter some numerical url's, declare them as whitelist and voila!! The entire internet was blocked off except for a few chosen commercial url's which I wanted my Windows machine to access. There was no need for any antivirus, antispyware, windows updates, etc, and the XP machine ran flawlessly all day every day... It would not accept url's with the :port tacked on the end, that would have been nicer... So I'm looking for alternatives. I REALLY don't want to mess with Linux so Smoothwall and DD-WRT are out.. so I had this SonicWall thingy sitting here, I decided to try to find out if it would do what I want without paying them for a subscription service... I got on their forum and got a sort of ambiguous reply so I'm asking here....

I'm looking for specific instructions for entering a list of url's and making them the only url's available to a single Windows computer on a SonicWall TZ100 hardware firewall... I'll want undetectibility and SPI also but I can probably suss that out...
Question by:FuturesTrader
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
LVL 17

Assisted Solution

OriNetworks earned 250 total points
ID: 36495099
Most of the advanced filtering services from sonicwall are only available with paid licensing to activate those features. Other than that, you're stuck configuring firewall rules using ip addresses of the websites you want to access.

I wouldn't say you're secure by any means with this type of setup only blinded by what could happen although I certainly agree your scope of vulnerability is more limited which is good. First you want to make sure a few of the basic firewall rules are allowed. You could create address groups in its firewall for DNS Whitelist, HTTPWhitelist, HTTPSWhitelist then add your up addresses to that. This would be easier to maintain by just adding addresses to the group rather than creating new rules each time you want to whitelist a client.

LAN->LAN = source=all, destination=all, ports=all
LAN->WAN = source=LAN, destination=DNSWhitelist, ports=DNS
LAN->WAN = source=LAN, destination=HTTPWhitelist, ports=HTTP(80)
LAN->WAN = source=LAN, destination=HTTPSWhitelist, ports=HTTP(443)

Accepted Solution

amatson78 earned 250 total points
ID: 36495561
Just remember the SonicWALL follows a top down order. Make the first lines with the destinations you want allowed and the deny statements at the bottom :) You can also group the ports (services) so you can have a list with one Firewall outbound rule instead of multiple for each port. This uses less resources on the SonicWALL.

Alan, SonicWALL CSSA
LVL 33

Expert Comment

ID: 36496559
@Alan :: I've noticed that SW has instituted allowed and forbidden domains globally and per CFS policy...finally. In the past, setting up a whitelist was impossible within the sonicwall and I've had to use something like CCProxy instead. With this new feature (and possibly others) is a whitelist possible or is that not something I should hold my breath for? Seems creating whitelist access to the Internet (as FuturesTrader has indicated) is the best way to curtail malicious infections on user's workstations (minus removing Internet access period). Thanks for the feedback!

Expert Comment

ID: 36500284
@Digitap, AFAIK They are not looking at implementing an import type solution. As of 5.8.1 it is still the enter one line at a time method or integrate with something 3rd party with a proxy such as Websense.
LVL 33

Expert Comment

ID: 36500379
@Alan :: That seems to fit what I've seen. Thanks for confirming.

Featured Post

Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Here's a look at newsworthy articles and community happenings during the last month.
Ever wonder what it's like to get hit by ransomware? "Tom" gives you all the dirty details first-hand – and conveys the hard lessons his company learned in the aftermath.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

622 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question