Sonic OS 2.x Quick Start Guide
15.Select the Zone as DMZ.
16.Enter the IP address assigned to the X3 interface. Enter the network mask assigned to the interface.
17.Enter your comments as applicable.
18.Decide if you want to allow Management and User Logins on this interface.
19.Select the Ethernet tab. As above, make the appropriate entries based on the equipment to be installed on the DMZ Zone.
20.Click OK to save your settings. The new DMZ interface is displayed in the settings.
Objects/Groups - Overview
Sonic OS Enhanced introduces the concept of Objects to your security policy. Objects are either
Example 1 - We want to write firewall rules to allow mail in to and out from our mail server. Instead of just using the mail server’s IP address, we’ll create an Address Object called ‘Mail Server’ and write our firewall rules using this object. If we ever change the address of our mail server, just a simple change of the object will ensure that the address is changed wherever it may be in use.
Example 2 – We would like to block users from accessing Instant Messengers during work hours. We know that the IM services need to connect to certain servers and we know what the IP address ranges are for those servers. The problem is, there are a lot of ranges! The solution: create address objects for each of the IP ranges. Add those address objects to a group called ‘Instant Messengers’, and write a rule that denies all access to the Instant Messenger group. You’ll see later on that this will result in a single firewall rule, instead of the six or more that would have been required without groups.
The same concept of creating an IP address object or group also works for Users and Services.
5
