Solved

SonicWall firewall Rule to Block One Suspect PC Not working

Posted on 2014-07-25
2
960 Views
Last Modified: 2014-07-26
We have a SonicwAll TZ210 in our office with approx 30 users.
Recently we have had a lot of spontaneous reboots of the SonicWall and after weeks of troubleshooting including
replacing the SonicWall, multiple remote sessions with SonicWall support and fine combing all settings.
 I now suspect MY PC is causing the issue.  I have a Static IP so I want to test blocking my IP at the SonicWall to ALL WAN connections.
I want to do this at the SonicWall level with a RULE so I can remotely change it if needed via the WAN side of the SonicWall ( Yes I know its a risk to open SonicWall for WAN management , buts its for 2  hour, we have a lastpass complex password, non admin name, single remote IP mange rule, and are stealthed)

- Here is the  Address Object =   Name ( Peter PC) Type (Host)    Address IP ( my ip)    Zone ( LAN)
And Here is the Rule                       Source  ( Peter Pc) Destination ( ALL WAN IP) Service ( ANY)  Action ( DENY)

I see that the above has NO effect on my PC as I can still connect via Logmein and launch any web site.
Any comments or suggestions as to where I am going wrong would be appreciated.

( and one more thing - is there a place in SonicWall to see what LAN devices or PCs are doing the MOST connections over time ?
0
Comment
Question by:azpete
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 39

Accepted Solution

by:
Aaron Tomosky earned 500 total points
ID: 40220878
All wan ip is a group that is all interfaces on the wan side, not the Internet.
Go to the firewall matrix, LAN to wan, from your address object to any block.
0
 
LVL 63

Expert Comment

by:btan
ID: 40220961
Zones also allow you to control how the various security services/features are applied, it’s not just about firewall rules.  Need to ensure the WAN is containing the interface as assumed.

For the most part, zones encompass physical ports on the Sonicwall but there are zones that are “virtual” such as VPN, MULTICAST and SSLVPN.  The virtual zones work in the same fashion as the zones that contain physical ports but their rules essentially “overlay” other zones. As an example, there are rules that apply to all traffic passing from the WAN to the LAN.  However, a client connecting over the SSL VPN connection should have a different set of rules applied even though they are connecting to the LAN via the WAN port, hence the need for the “virtual” zones.

Can consider putting the test static IP into a zone of its own and try the access rule from the zone e.g. restrict TestZone from WAN zone, if this is what you like...
http://thebeagle.itgroove.net/2013/10/18/sonicwall-zones-and-portshield-groups/
http://help.mysonicwall.com/sw/eng/general/ui1/6600/Access/Add_Rule.htm

The SonicWALL can perform a rolling analysis of the event log to show the top 25 most frequently accessed Web sites, the top 25 users of bandwidth by IP address, and the top 25 services consuming the most bandwidth.
http://help.mysonicwall.com/sw/eng/general/ui1/6600/Log/Reports.htm

Another is ViewPoint is a software solution that creates dynamic, Web-based reports of network activity from your SonicWALL log. ViewPoint generates both real-time and historical reports to provide a complete view of all activity through your SonicWALL Internet Security Appliance. However, this requires you to have an upgrade key
http://help.mysonicwall.com/sw/eng/419/ui2/41/Install_ViewPoint.html
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Setup small office network 1 56
NAT/PAT unable to config correctly 7 41
Failover for DMVPN 3 27
FTP through ASA 9.5 1 8
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
When you try to share a printer , you may receive one of the following error messages. Error message when you use the Add Printer Wizard to share a printer: Windows could not share your printer. Operation could not be completed (Error 0x000006…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question