Solved

SonicWall firewall Rule to Block One Suspect PC Not working

Posted on 2014-07-25
2
933 Views
Last Modified: 2014-07-26
We have a SonicwAll TZ210 in our office with approx 30 users.
Recently we have had a lot of spontaneous reboots of the SonicWall and after weeks of troubleshooting including
replacing the SonicWall, multiple remote sessions with SonicWall support and fine combing all settings.
 I now suspect MY PC is causing the issue.  I have a Static IP so I want to test blocking my IP at the SonicWall to ALL WAN connections.
I want to do this at the SonicWall level with a RULE so I can remotely change it if needed via the WAN side of the SonicWall ( Yes I know its a risk to open SonicWall for WAN management , buts its for 2  hour, we have a lastpass complex password, non admin name, single remote IP mange rule, and are stealthed)

- Here is the  Address Object =   Name ( Peter PC) Type (Host)    Address IP ( my ip)    Zone ( LAN)
And Here is the Rule                       Source  ( Peter Pc) Destination ( ALL WAN IP) Service ( ANY)  Action ( DENY)

I see that the above has NO effect on my PC as I can still connect via Logmein and launch any web site.
Any comments or suggestions as to where I am going wrong would be appreciated.

( and one more thing - is there a place in SonicWall to see what LAN devices or PCs are doing the MOST connections over time ?
0
Comment
Question by:azpete
2 Comments
 
LVL 38

Accepted Solution

by:
Aaron Tomosky earned 500 total points
ID: 40220878
All wan ip is a group that is all interfaces on the wan side, not the Internet.
Go to the firewall matrix, LAN to wan, from your address object to any block.
0
 
LVL 62

Expert Comment

by:btan
ID: 40220961
Zones also allow you to control how the various security services/features are applied, it’s not just about firewall rules.  Need to ensure the WAN is containing the interface as assumed.

For the most part, zones encompass physical ports on the Sonicwall but there are zones that are “virtual” such as VPN, MULTICAST and SSLVPN.  The virtual zones work in the same fashion as the zones that contain physical ports but their rules essentially “overlay” other zones. As an example, there are rules that apply to all traffic passing from the WAN to the LAN.  However, a client connecting over the SSL VPN connection should have a different set of rules applied even though they are connecting to the LAN via the WAN port, hence the need for the “virtual” zones.

Can consider putting the test static IP into a zone of its own and try the access rule from the zone e.g. restrict TestZone from WAN zone, if this is what you like...
http://thebeagle.itgroove.net/2013/10/18/sonicwall-zones-and-portshield-groups/
http://help.mysonicwall.com/sw/eng/general/ui1/6600/Access/Add_Rule.htm

The SonicWALL can perform a rolling analysis of the event log to show the top 25 most frequently accessed Web sites, the top 25 users of bandwidth by IP address, and the top 25 services consuming the most bandwidth.
http://help.mysonicwall.com/sw/eng/general/ui1/6600/Log/Reports.htm

Another is ViewPoint is a software solution that creates dynamic, Web-based reports of network activity from your SonicWALL log. ViewPoint generates both real-time and historical reports to provide a complete view of all activity through your SonicWALL Internet Security Appliance. However, this requires you to have an upgrade key
http://help.mysonicwall.com/sw/eng/419/ui2/41/Install_ViewPoint.html
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Two of my three WiFi Routers lose connection 6 51
Add Mac address reservation to Sonicwall TZ 210 router 1 43
BGP Code 12 41
ssh setup on Cisco swith 11 43
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
When you try to share a printer , you may receive one of the following error messages. Error message when you use the Add Printer Wizard to share a printer: Windows could not share your printer. Operation could not be completed (Error 0x000006…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

914 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now