Enforced Client Product Guide

Using the Firewall Protection Service

 

Configuring policies for firewall protection

5

Select a firewall protection mode

Specify how the firewall protection service responds to suspicious activity on client computers.

„Protect: It blocks the suspicious activity.

„Prompt: It displays a dialog box with information about the detection, and allows the user to select a response. This option is the default.

„Report: It reports suspicious activity to the SecurityCenter and takes no additional action.

For all modes, detections are reported to the SecurityCenter, where you can view information about them in reports.

To prevent popup prompts from appearing on client computers when applications are detected, and for highest security, we recommend using Protect mode.

To specify a response to firewall detections:

1On the Groups + Policies page, click Add Policy (or click Edit to modify an existing policy).

2Click the Desktop Firewall tab, select a Firewall Protection Mode, then click Save.

Use the following table to determine how policy options are implemented in the different protection modes.

Mode

Behavior of protection service

 

 

Report

„ No user prompts.

 

„ Detections reported to SecurityCenter.

 

„ Administrator can select allowed applications, which are not reported as

 

detections.

 

„ Can be used as a Learn mode.

 

 

Prompt

„ Users prompted about detections.

 

„ Detections reported to SecurityCenter.

 

„ Administrator can select allowed applications. These applications are not

 

reported as detections, and users are not prompted for a response to them.

 

„ Users can approve additional applications in response to prompts. These are

 

reported to SecurityCenter.

 

 

Protect

„ Users not prompted about detections.

 

„ Users notified about deleted or quarantined applications.

 

„ Detections reported to SecurityCenter.

 

„ Administrator can select allowed applications. These applications are not

 

reported as detections.

 

 

 

If the policy is changed from Prompt mode to Protect mode or Report mode, the firewall

 

protection service does not save user settings for allowed applications. If the policy is then

 

changed back to Prompt mode, users need to specify allowed applications again.

 

 

Learn mode

Report mode can be used as a “learn mode” to help you determine which applications to allow (see Set up allowed Internet applications on page 121). In Report mode, the firewall protection service tracks but does not block unrecognized Internet applications. You can review detected applications in the Unrecognized Programs report (see View unrecognized Internet applications on page 123) and approve those that are appropriate for your policy. When you no longer see applications you want to allow in the report, change the policy setting to Prompt or Protect mode.

115

Page 114 Page 116
Page 115
Image 115
SonicWALL 4.5 manual Select a firewall protection mode, Learn mode, 115, Reported as detections
Page 114 Page 116

4.5 specifications

SonicWALL 4.5 is a robust network security solution designed to address the evolving challenges in threat protection and data security. This release brings a suite of advanced features, cutting-edge technologies, and characteristics tailored to enhance system performance and resilience against cyber threats.

One of the highlight features of SonicWALL 4.5 is its Integrated Intrusion Prevention System (IPS). This system provides real-time threat detection and response by monitoring network traffic for potential vulnerabilities and malicious activities. With continuously updated signature-based detection, it ensures that organizations are protected against the latest exploits and attack vectors.

Another key component is the Next-Generation Firewall (NGFW) capabilities, which combine traditional firewall functions with advanced features such as application awareness, user identity control, and content filtering. The NGFW allows organizations to enforce detailed policies based on user roles, thereby enhancing the security posture while maintaining user productivity.

SonicWALL 4.5 also incorporates advanced malware protection through its Capture Advanced Threat Protection (ATP) service. This multi-engine sandboxing technology analyzes suspicious files and URLs in a secure environment, providing organizations with in-depth insights into potential threats before they reach the network.

Furthermore, the solution includes enhancements to Secure Mobile Access, enabling secure remote connections while ensuring that sensitive data remains protected. With features like SSL VPN, SonicWALL 4.5 allows users to securely access private networks from anywhere while maintaining compliance with data protection regulations.

In terms of management, SonicWALL 4.5 introduces an intuitive interface for centralized management, enabling IT administrators to configure and monitor multiple devices effortlessly. The reporting and logging capabilities are enhanced, providing detailed insights into network activity, which is crucial for compliance and forensic analysis.

SonicWALL 4.5 also prioritizes user experience and performance with its optimized hardware, ensuring faster processing speeds and reduced latency. Features like high availability and load balancing further enhance system reliability.

In summary, SonicWALL 4.5 stands out with its integrated IPS, NGFW capabilities, advanced malware protection through Capture ATP, secure mobile access, intuitive management interface, and optimized performance. This comprehensive suite of features positions SonicWALL 4.5 as a formidable player in the realm of network security, making it an appealing choice for organizations seeking robust protection against an ever-evolving threat landscape.
Top Page Image Contents