Solved

SonicWall firewall Rule to Block One Suspect PC Not working

Posted on 2014-07-25
2
947 Views
Last Modified: 2014-07-26
We have a SonicwAll TZ210 in our office with approx 30 users.
Recently we have had a lot of spontaneous reboots of the SonicWall and after weeks of troubleshooting including
replacing the SonicWall, multiple remote sessions with SonicWall support and fine combing all settings.
 I now suspect MY PC is causing the issue.  I have a Static IP so I want to test blocking my IP at the SonicWall to ALL WAN connections.
I want to do this at the SonicWall level with a RULE so I can remotely change it if needed via the WAN side of the SonicWall ( Yes I know its a risk to open SonicWall for WAN management , buts its for 2  hour, we have a lastpass complex password, non admin name, single remote IP mange rule, and are stealthed)

- Here is the  Address Object =   Name ( Peter PC) Type (Host)    Address IP ( my ip)    Zone ( LAN)
And Here is the Rule                       Source  ( Peter Pc) Destination ( ALL WAN IP) Service ( ANY)  Action ( DENY)

I see that the above has NO effect on my PC as I can still connect via Logmein and launch any web site.
Any comments or suggestions as to where I am going wrong would be appreciated.

( and one more thing - is there a place in SonicWall to see what LAN devices or PCs are doing the MOST connections over time ?
0
Comment
Question by:azpete
2 Comments
 
LVL 38

Accepted Solution

by:
Aaron Tomosky earned 500 total points
ID: 40220878
All wan ip is a group that is all interfaces on the wan side, not the Internet.
Go to the firewall matrix, LAN to wan, from your address object to any block.
0
 
LVL 62

Expert Comment

by:btan
ID: 40220961
Zones also allow you to control how the various security services/features are applied, it’s not just about firewall rules.  Need to ensure the WAN is containing the interface as assumed.

For the most part, zones encompass physical ports on the Sonicwall but there are zones that are “virtual” such as VPN, MULTICAST and SSLVPN.  The virtual zones work in the same fashion as the zones that contain physical ports but their rules essentially “overlay” other zones. As an example, there are rules that apply to all traffic passing from the WAN to the LAN.  However, a client connecting over the SSL VPN connection should have a different set of rules applied even though they are connecting to the LAN via the WAN port, hence the need for the “virtual” zones.

Can consider putting the test static IP into a zone of its own and try the access rule from the zone e.g. restrict TestZone from WAN zone, if this is what you like...
http://thebeagle.itgroove.net/2013/10/18/sonicwall-zones-and-portshield-groups/
http://help.mysonicwall.com/sw/eng/general/ui1/6600/Access/Add_Rule.htm

The SonicWALL can perform a rolling analysis of the event log to show the top 25 most frequently accessed Web sites, the top 25 users of bandwidth by IP address, and the top 25 services consuming the most bandwidth.
http://help.mysonicwall.com/sw/eng/general/ui1/6600/Log/Reports.htm

Another is ViewPoint is a software solution that creates dynamic, Web-based reports of network activity from your SonicWALL log. ViewPoint generates both real-time and historical reports to provide a complete view of all activity through your SonicWALL Internet Security Appliance. However, this requires you to have an upgrade key
http://help.mysonicwall.com/sw/eng/419/ui2/41/Install_ViewPoint.html
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Meet the world's only “Transparent Cloud™” from Superb Internet Corporation. Now, you can experience firsthand a cloud platform that consistently outperforms Amazon Web Services (AWS), IBM’s Softlayer, and Microsoft’s Azure when it comes to CPU and …
This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question