Firewall > Access Rules
SonicOS Enhanced 4.0 Administrator Guide
Adding Access Rules
To add access rules to the SonicWALL security appliance, perform the following steps:
Step 1 Click Add at the bottom of the Access Rules table. The Add Rule window is displayed.
Step 2 In the General tab, select Allow | Deny | Discard from the Action list to permit or block IP
traffic.
Step 3 Select the from and to zones from the From Zone and To Zone menus.
Step 4 Select the service or group of services affected by the access rule from the Service list. The
Default service encompasses all IP services.
If the service is not listed, you must define the service in the Add Service window. Select
Create New Service or Create New Group to display the Add Service window or Add Service
Group window.
Step 5 Select the source of the traffic affected by the access rule from the Source list. Selecting
Create New Network displays the Add Address Object window.
Step 6 If you want to define the source IP addresses that are affected by the access rule, such as
restricting certain users from accessing the Internet, type the starting IP address of the
address range in the Address Range Begin field and the ending IP address in the Address
Range End field. To include all IP addresses, type * in the Address Range Begin field.
Step 7 Select the destination of the traffic affected by the access rule from the Destination list. Selecting
Create New Network displays the Add Address Object window.
Step 8 From the Users Allowed menu, add the user or user group affected by the access rule.
Step 9 Select a schedule from the Schedule menu. The default schedule is Always on.
Step 10 Enter any comments to help identify the access rule in the Comments field.
Step 11 Do not select the Allow Fragmented Packets check box. Large IP packets are often divided
into fragments before they are routed over the Internet and then reassembled at a destination
host. Because hackers exploit IP fragmentation in Denial of Service (DoS) attacks, the
SonicWALL security appliance blocks fragmented packets by default. You can override the
default configuration to allow fragmented packets over PPTP or IPsec.
Step 12 Click on the Advanced tab.
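How a fragment is recognised in the IPv4 header, and how the Allow Fragmented Packets setting from Step 11 changes the outcome, shown as an added Python example that is not SonicOS code and not part of the original guide. The Rule class, the function names, the "Block" result string and the sample headers are constructed for illustration.

```python
import struct
from dataclasses import dataclass

MF_FLAG = 0x2000      # "More Fragments" bit in the flags/fragment-offset word
OFFSET_MASK = 0x1FFF  # 13-bit fragment offset, counted in 8-byte units


@dataclass
class Rule:                        # hypothetical model of one access rule
    action: str                    # "Allow", "Deny" or "Discard" (Step 2)
    allow_fragments: bool = False  # Allow Fragmented Packets check box (Step 11)


def fragment_info(packet: bytes):
    """Return (is_fragment, offset_in_bytes, more_fragments) for an IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    (flags_off,) = struct.unpack_from("!H", packet, 6)  # header bytes 6-7
    more = bool(flags_off & MF_FLAG)
    offset = (flags_off & OFFSET_MASK) * 8
    # A packet is a fragment if more pieces follow or it does not start at 0.
    return (more or offset > 0), offset, more


def decide(rule: Rule, packet: bytes) -> str:
    """Apply the fragment check before the rule's own action."""
    is_fragment, _, _ = fragment_info(packet)
    if is_fragment and not rule.allow_fragments:
        return "Block"  # assumption: label for the default fragment block
    return rule.action


def ipv4_header(flags_off: int, proto: int = 17) -> bytes:
    """Build a constructed 20-byte IPv4 header (checksum left at zero)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0x1234, flags_off,
                       64, proto, 0, bytes([192, 0, 2, 1]),
                       bytes([198, 51, 100, 7]))


# Constructed sample headers (documentation address ranges).
WHOLE = ipv4_header(0x4000)  # Don't Fragment set, offset 0: not a fragment
FIRST = ipv4_header(0x2000)  # first fragment: MF set, offset 0
LAST = ipv4_header(185)      # last fragment: MF clear, offset 185 * 8 = 1480

if __name__ == "__main__":
    for name, pkt in (("whole", WHOLE), ("first", FIRST), ("last", LAST)):
        print(name, fragment_info(pkt), decide(Rule("Allow"), pkt))
```

Note that the last fragment has the More Fragments bit clear, so a check on that bit alone would miss it; the non-zero offset is what identifies it.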