Manuals / SonicWALL / Household Appliance / Home Security System

SonicWALL NSA 5000, 3500, 4500 manual Creating Network Access Rules

Models: 3500 NSA 5000 4500

1 74

Download 74 pages 53.01 Kb

Page 39

Creating Network Access Rules

Creating Network Access Rules

A zone is a logical grouping of one or more interfaces designed to make management, such as the definition and application of access rules, a simpler and more intuitive process than following a strict physical interface scheme.

By default, the SonicWALL security appliance’s stateful packet inspection allows all communication from the LAN to the Internet, and blocks all traffic from the Internet to the LAN. The following behaviors are defined by the “Default” stateful inspection packet access rule enabled in the SonicWALL security appliance:

Originating Zone	Destination Zone	Action


LAN, WLAN	WAN, DMZ	Allow

DMZ	WAN	Allow

WAN	DMZ	Deny

WAN and DMZ	LAN or WLAN	Deny

To create an access rule:

1.On the Firewall > Access Rules page in the matrix view, click the arrow connecting the two zones that need a rule.

2.On the Access Rules page, click Add.

The access rules are sorted from the most specific at the top to the least specific at the bottom of the table. At the bottom of the table is the Any rule.

Page 38 Creating Network Access Rules

Image 39

SonicWALL NSA 5000, 3500, 4500 manual Creating Network Access Rules

Contents

NETWORK SECURITY Getting Started GuideSonicWALL Network Security Appliances NSA 5000/4500/35006Product Safety and Regulatory Information - page Document Contents1Pre-ConfigurationTasks - page 4Additional Deployment Configuration - pageSonicWALL NSA Series FrontBack In this Section Pre-ConfigurationTasksAny Items Missing? Check Package ContentsRegistration Information Obtain Configuration InformationAdministrator Information Obtain Internet Service Provider ISP InformationAlarmLED Indicates an alarm condition The Front PanelFeature Reset ButtonDescription The Back PanelIcon Feature Power SupplyPage 8 The Back Panel In this Section Page 10 Before You Register Before You RegisterRegistration Next Steps - page Product RegistrationLicensing Security Services and Software - page Product Registration - pageLicensing Security Services and Software To purchase a product or service, click Buy Now Enabling Security Services in SonicOS - page Registering a Second Appliance as a BackupRegistration Next Steps Accessing the Management Interface - pageIn this Section Deployment ScenariosUse Scenario Selecting a Deployment ScenarioCurrent Gateway Configuration New Gateway ConfigurationScenario A NAT/Route Mode Gateway Page 18 Selecting a Deployment Scenario Scenario B State Sync Pair in NAT/Route ModeCThird Party Gateway Scenario C L2 Bridge ModeConnecting the WAN Port - page Initial SetupConnecting the WAN Port System RequirementsApplying Power Connecting the LAN PortAccessing the Setup Wizard Accessing the Management InterfaceTesting Your Connection Connecting to Your NetworkEnabling Security Services in SonicOS - page Activating Licenses in SonicOSSaving a Backup Copy of Your Preferences - page Saving a Backup Copy of Your PreferencesUpgrading Firmware on Your SonicWALL Obtaining the Latest FirmwareUpgrading the Firmware with Current Settings Upgrading the Firmware with Factory DefaultsUsing SafeMode to Upgrade Firmware Scenario Uploaded Firmware - NewIf You Are Following Proceed to SectionConfiguring High Availability - page Configuring a State Sync Pair in NAT/Route ModeInitial High Availability Setup Initial High Availability Setup - pageConfiguring Advanced HA Settings Configuring High Availability5.Optionally adjust the Heartbeat Interval to control how often the two units communicate. The default is 5000 milliseconds the minimum recommended value is 1000 milliseconds. Less than this may cause unnecessary failovers, especially when the SonicWALL is under a heavy load Synchronizing Settings Synchronizing Firmware Adjusting High Availability SettingsHA License Configuration Overview 8.Click Register Associating Pre-RegisteredAppliancesConnection Overview - page Configuring L2 Bridge ModeConfiguring the Primary Bridge Interface Connection OverviewScenario Configuring the Secondary Bridge InterfaceIf You Are Following Proceed to SectionIn this Section Additional Deployment ConfigurationCreating Network Access Rules 3.In the Add Rule page in the General tab, select Allow Deny Discard from the Action list to permit or block IP traffic Creating a NAT Policy Before configuring NAT Policies, you must create all Address Objects associated with the policy. For instance, if you are creating a One-to-OneNAT policy, first create Address Objects for your public and private IP addresses Configuring Address Objects 2.For Original Source, select Any Configuring NAT Policies6.For Original Service, select Any 7.For Translated Service, select OriginalEnabling Gateway Anti-Virus - page Enabling Security Services in SonicOSEnabling Gateway Anti-Virus Enabling Intrusion Prevention Services - pageRestrict Transfer of password-protectedZip files - Disables the transfer of password protected ZIP files over any enabled protocol. This option only functions on protocols that are enabled for inspection Enabling Intrusion Prevention Services Enabling Anti-Spyware Applying Security Services to Network Zones Configuring a Wireless Zone - page Deploying SonicPoints for Wireless AccessConfiguring SonicPoint Provisioning Profiles Updating SonicPoint Firmware2.In the 802.11g Radio tab Select Enable Radio Select Enable SonicPointConfiguring a Wireless Zone Assigning an Interface to the Wireless Zone SonicOS Enhanced Administrator’s Guide Connecting the SonicPointUsing the Active Connections Monitor - page Troubleshooting Diagnostic ToolsUsing Packet Capture Using Packet Capture - page Using Ping - pageUsing Ping Page 56 Troubleshooting Diagnostic Tools Using the Active Connections MonitorUsing Log View Deployment Configuration Reference Checklist For this TaskSee this Chapter SonicWALL Live Product Demos - page Support and Training OptionsCustomer Support - page Support Services - page In this SectionSupport Services Customer SupportPage 60 Customer Support Knowledge Portal SonicWALL Live Product DemosUser Forums Authorized Training Partners TrainingE-Training Instructor-LedTraining Custom Training Technical CertificationSonicWALL GVC 4.0 Administrator’s Guide Related DocumentationSonicOS Enhanced Administrator’s Guide SonicOS Enhanced Feature ModulesIn this Section Product Safety and Regulatory InformationCable Connections Safety and Regulatory InformationLithium Battery Warning Rack Mounting the SonicWALLKabelverbindungen Safety and Regulatory Information in GermanWeitere Hinweise zur Montage Hinweis zur LithiumbatterieRegulatory Information for Korea FCC Part 15 Class A NoticeCanadian Radio Frequency Emissions Statement CISPR 22 EN 55022 Class ATrademarks Copyright NoticePage 70 Notes Page Page 72 Notes SonicWALL, Inc P/N Rev A 01/08