Solved

SonicWall firewall Rule to Block One Suspect PC Not working

Posted on 2014-07-25
Last Modified: 2014-07-26
We have a SonicWall TZ210 in our office with approx 30 users.
Recently we have had a lot of spontaneous reboots of the SonicWall and after weeks of troubleshooting including replacing the SonicWall, multiple remote sessions with SonicWall support and fine combing all settings, I now suspect MY PC is causing the issue. I have a static IP so I want to test blocking my IP at the SonicWall to ALL WAN connections.
I want to do this at the SonicWall level with a RULE so I can remotely change it if needed via the WAN side of the SonicWall (Yes, I know it's a risk to open SonicWall for WAN management, but it's for 2 hours, we have a LastPass complex password, non-admin name, single remote IP manage rule, and are stealthed).

- Here is the Address Object: Name (Peter PC), Type (Host), Address IP (my IP), Zone (LAN)
- And here is the Rule: Source (Peter PC), Destination (ALL WAN IP), Service (ANY), Action (DENY)

I see that the above has NO effect on my PC as I can still connect via LogMeIn and launch any web site.
Any comments or suggestions as to where I am going wrong would be appreciated.

(And one more thing: is there a place in SonicWall to see what LAN devices or PCs are doing the MOST connections over time?)
Question by:azpete
Accepted Solution

by:
Aaron Tomosky earned 500 total points
ID: 40220878
All WAN IP is a group that is all interfaces on the WAN side, not the Internet.
Go to the firewall matrix, LAN to WAN, from your address object to any, block.
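
A simplified first-match model of the LAN to WAN rule list, added here as an illustration (it is not SonicOS code and not part of the original answer), showing why a destination of All WAN IP leaves Internet-bound traffic untouched while a destination of Any blocks it. All addresses are constructed, and the trailing default allow rule is an assumption about the appliance's LAN to WAN defaults.

```python
import ipaddress
from typing import NamedTuple, Optional

ANY = None  # wildcard address object: matches every address

# Constructed sample addresses, not taken from the thread.
PETER_PC = [ipaddress.ip_network("192.168.1.50/32")]   # host object, LAN zone
ALL_WAN_IP = [ipaddress.ip_network("203.0.113.2/32")]  # firewall's own WAN interface IPs
FLOWS = {
    "peter_to_internet": ("192.168.1.50", "198.51.100.10"),
    "peter_to_fw_wan_ip": ("192.168.1.50", "203.0.113.2"),
    "other_pc_to_internet": ("192.168.1.51", "198.51.100.10"),
}

class Rule(NamedTuple):
    source: Optional[list]
    destination: Optional[list]
    action: str

# Assumed default: LAN -> WAN traffic is allowed unless an earlier rule denies it.
DEFAULT_ALLOW = Rule(ANY, ANY, "ALLOW")
AS_POSTED = [Rule(PETER_PC, ALL_WAN_IP, "DENY"), DEFAULT_ALLOW]
CORRECTED = [Rule(PETER_PC, ANY, "DENY"), DEFAULT_ALLOW]

def matches(address_object, ip):
    """True if the object is the wildcard or one of its networks contains ip."""
    if address_object is ANY:
        return True
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in address_object)

def evaluate(rules, src, dst):
    """Return the action of the first rule matching both source and destination."""
    for rule in rules:
        if matches(rule.source, src) and matches(rule.destination, dst):
            return rule.action
    return "DENY"  # nothing matched: implicit deny

def verdicts(rules):
    """Evaluate every sample flow against a rule list."""
    return {name: evaluate(rules, s, d) for name, (s, d) in FLOWS.items()}

if __name__ == "__main__":
    print("as posted:", verdicts(AS_POSTED))
    print("corrected:", verdicts(CORRECTED))
```

With the rule as posted, only traffic addressed to the firewall's own WAN interface is denied; everything else from the PC falls through to the allow rule.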
Expert Comment

by:btan
ID: 40220961
Zones also allow you to control how the various security services/features are applied; it’s not just about firewall rules. You need to ensure the WAN contains the interface as assumed.

For the most part, zones encompass physical ports on the Sonicwall but there are zones that are “virtual” such as VPN, MULTICAST and SSLVPN.  The virtual zones work in the same fashion as the zones that contain physical ports but their rules essentially “overlay” other zones. As an example, there are rules that apply to all traffic passing from the WAN to the LAN.  However, a client connecting over the SSL VPN connection should have a different set of rules applied even though they are connecting to the LAN via the WAN port, hence the need for the “virtual” zones.

You can consider putting the test static IP into a zone of its own and trying the access rule from that zone, e.g. restrict TestZone from WAN zone, if this is what you like...
http://thebeagle.itgroove.net/2013/10/18/sonicwall-zones-and-portshield-groups/
http://help.mysonicwall.com/sw/eng/general/ui1/6600/Access/Add_Rule.htm

The SonicWALL can perform a rolling analysis of the event log to show the top 25 most frequently accessed Web sites, the top 25 users of bandwidth by IP address, and the top 25 services consuming the most bandwidth.
http://help.mysonicwall.com/sw/eng/general/ui1/6600/Log/Reports.htm

Another option is ViewPoint, a software solution that creates dynamic, Web-based reports of network activity from your SonicWALL log. ViewPoint generates both real-time and historical reports to provide a complete view of all activity through your SonicWALL Internet Security Appliance. However, this requires you to have an upgrade key.
http://help.mysonicwall.com/sw/eng/419/ui2/41/Install_ViewPoint.html