Solved

SonicWall firewall Rule to Block One Suspect PC Not working

Posted on 2014-07-25
2
985 Views
Last Modified: 2014-07-26
We have a SonicwAll TZ210 in our office with approx 30 users.
Recently we have had a lot of spontaneous reboots of the SonicWall and after weeks of troubleshooting including
replacing the SonicWall, multiple remote sessions with SonicWall support and fine combing all settings.
 I now suspect MY PC is causing the issue.  I have a Static IP so I want to test blocking my IP at the SonicWall to ALL WAN connections.
I want to do this at the SonicWall level with a RULE so I can remotely change it if needed via the WAN side of the SonicWall ( Yes I know its a risk to open SonicWall for WAN management , buts its for 2  hour, we have a lastpass complex password, non admin name, single remote IP mange rule, and are stealthed)

- Here is the  Address Object =   Name ( Peter PC) Type (Host)    Address IP ( my ip)    Zone ( LAN)
And Here is the Rule                       Source  ( Peter Pc) Destination ( ALL WAN IP) Service ( ANY)  Action ( DENY)

I see that the above has NO effect on my PC as I can still connect via Logmein and launch any web site.
Any comments or suggestions as to where I am going wrong would be appreciated.

( and one more thing - is there a place in SonicWall to see what LAN devices or PCs are doing the MOST connections over time ?
0
Comment
Question by:azpete
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 39

Accepted Solution

by:
Aaron Tomosky earned 500 total points
ID: 40220878
All wan ip is a group that is all interfaces on the wan side, not the Internet.
Go to the firewall matrix, LAN to wan, from your address object to any block.
0
 
LVL 64

Expert Comment

by:btan
ID: 40220961
Zones also allow you to control how the various security services/features are applied, it’s not just about firewall rules.  Need to ensure the WAN is containing the interface as assumed.

For the most part, zones encompass physical ports on the Sonicwall but there are zones that are “virtual” such as VPN, MULTICAST and SSLVPN.  The virtual zones work in the same fashion as the zones that contain physical ports but their rules essentially “overlay” other zones. As an example, there are rules that apply to all traffic passing from the WAN to the LAN.  However, a client connecting over the SSL VPN connection should have a different set of rules applied even though they are connecting to the LAN via the WAN port, hence the need for the “virtual” zones.

Can consider putting the test static IP into a zone of its own and try the access rule from the zone e.g. restrict TestZone from WAN zone, if this is what you like...
http://thebeagle.itgroove.net/2013/10/18/sonicwall-zones-and-portshield-groups/
http://help.mysonicwall.com/sw/eng/general/ui1/6600/Access/Add_Rule.htm

The SonicWALL can perform a rolling analysis of the event log to show the top 25 most frequently accessed Web sites, the top 25 users of bandwidth by IP address, and the top 25 services consuming the most bandwidth.
http://help.mysonicwall.com/sw/eng/general/ui1/6600/Log/Reports.htm

Another is ViewPoint is a software solution that creates dynamic, Web-based reports of network activity from your SonicWALL log. ViewPoint generates both real-time and historical reports to provide a complete view of all activity through your SonicWALL Internet Security Appliance. However, this requires you to have an upgrade key
http://help.mysonicwall.com/sw/eng/419/ui2/41/Install_ViewPoint.html
0

Featured Post

Manage your data center from practically anywhere

The KN8164V features HD resolution of 1920 x 1200, FIPS 140-2 with level 1 security standards and virtual media transmissions at twice the speed. Built for reliability, the KN series provides local console and remote over IP access, ensuring 24/7 availability to all servers.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Suggested Courses

627 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question