Solved

Access Rule in Sonicwall

Posted on 2013-10-30
4
761 Views
Last Modified: 2013-10-30
Under Access rule in Sonicwall Pro 4060, an access rule has been created flowing from WAN to LAN zone and the destination is defined as WAN IP address.

As the flow is from WAN, I suppose the source IP should be WAN IP address. Why is appeared like this ?

Tks
Test.png
0
Comment
Question by:AXISHK
  • 2
4 Comments
 
LVL 25

Assisted Solution

by:Diverse IT
Diverse IT earned 250 total points
ID: 39610889
Hi AXISHK,

Yes, your rule in the attachment should be set to the WAN Primary IP or WAN IP rather than the numerical value of your IP, if possible (the Pro 4060 is an older model so it may only allow for the numerical IP value).

The WAN > LAN deny rule is what makes your firewall a firewall. You should have those in any Zone you want by default blocked (typically the WAN > {firewalled subnet, e.g. LAN, DMZ, WLAN, etc.}). The Destination should actually be Any because it will block all WAN IPs that way.

Your default deny Access Rule should read as follows:

From: WAN
To: LAN
Priority: <lowest, if you have 3 Access Rules here it should be last or in this case #3>
Source: Any
Destination: Any
Service: Any
Action: Deny or Discard
Users Incl.: All
Users Excl.: None
Comment: <whatever you want to document this rule>

Let me know if you have any questions!
0
 
LVL 16

Accepted Solution

by:
Shaik M. Sajid earned 250 total points
ID: 39610897
it means external traffice coming from the WAN traffic from the IP (Destination=113.2.x.x) allow to lan on specific service... (could be RDP)

guided article :
http://support.microsoft.com/kb/304304

all the best
0
 

Author Closing Comment

by:AXISHK
ID: 39611110
Tks
0
 
LVL 25

Expert Comment

by:Diverse IT
ID: 39612761
Glad I could help...thanks for the points!
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question