The Services page displays the Network Access Rules (By Service) table. Rules are sorted from the most specific at the top to the least specific at the bottom of the table. At the bottom of the table is the Any rule, which covers all IP services except those listed in the Services page. Rules can be created to override the behavior of the Any rule. For example, the Any rule allows users on the LAN to access all Internet services, including NNTP News. However, LAN access to NNTP can be blocked by deselecting the LAN Out check box corresponding to the NNTP News service.

Tip! The LAN In column is not displayed if NAT is enabled.

The Services page allows you to customize Network Access Rules by service. Services displayed in the Services window relate to the rules in the Rules window, so any changes on the Services window appear in the Rules window. The Any rule, at the bottom of the table, encompasses all Services.

What are Network Access Rules?

Network Access Rules are management tools that allow you to define inbound and outbound access policy, configure user authentication, and enable remote management of the SonicWALL. By default, the SonicWALL’s stateful packet inspection allows all communication from the LAN to the Internet, and blocks all traffic to the LAN from the Internet. The following behaviors are defined by the “Default” stateful inspection packet rule enabled in the SonicWALL:

Additional Network Access Rules can be defined to extend or override the default rules. For example, rules can be created that block certain types of traffic such as IRC from the LAN to the WAN, or allow certain types of traffic, such as Lotus Notes database synchronization, from specific hosts on the Internet to specific hosts on the LAN, or restrict use of certain protocols such as Telnet to authorized users on the LAN.

Custom rules evaluate the source IP address, destination IP address, and IP protocol type of network traffic and compare this information to the rules created on the SonicWALL. Network Access Rules take precedence over, and can override, the SonicWALL’s stateful packet inspection. For example, a rule that blocks IRC traffic takes precedence over the SonicWALL default setting of allowing this type of traffic.

Alert! The ability to define Network Access Rules is a very powerful tool. Using custom rules can disable firewall protection or block all access to the Internet. Use caution when creating or deleting Network Access Rules.
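The precedence described above, and the risk named in the Alert, can be modelled as a first-match rule table. This is an added example, not SonicWALL code: the Rule class, the specificity ordering, first-match evaluation, the addresses and the overly_broad audit helper are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

LAN = "192.168.1.0/24"   # constructed LAN subnet
ANY = "0.0.0.0/0"        # any address

@dataclass(frozen=True)
class Rule:
    action: str    # "allow" or "deny"
    service: str   # service name, or "Any" for every IP service
    src: str       # source network in CIDR form
    dst: str       # destination network in CIDR form

    def specificity(self):
        # Assumed ordering: a named service outranks "Any", then longer prefixes win.
        nets = (ipaddress.ip_network(self.src), ipaddress.ip_network(self.dst))
        return (self.service != "Any", sum(n.prefixlen for n in nets))

    def matches(self, service, src, dst):
        return (self.service in ("Any", service)
                and ipaddress.ip_address(src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(self.dst))

# The default behaviour described on the page, written as two "Any" rules.
DEFAULTS = [Rule("allow", "Any", LAN, ANY), Rule("deny", "Any", ANY, LAN)]

# Constructed custom rules modelled on the page's IRC and Lotus Notes examples.
CUSTOM = [
    Rule("deny", "IRC", LAN, ANY),
    Rule("allow", "Lotus Notes", "203.0.113.10/32", "192.168.1.20/32"),
]

def build_table(custom, defaults=DEFAULTS):
    # Most specific first; the stable sort keeps custom rules above equal defaults.
    return sorted(custom + defaults, key=Rule.specificity, reverse=True)

def evaluate(table, service, src, dst):
    for rule in table:               # assumed model: first matching rule decides
        if rule.matches(service, src, dst):
            return rule.action
    return "deny"                    # nothing matched: drop

def overly_broad(custom):
    # Audit helper: custom allow rules that open the LAN to any source, any service.
    lan = ipaddress.ip_network(LAN)
    return [r for r in custom
            if r.action == "allow" and r.service == "Any" and r.src == ANY
            and ipaddress.ip_network(r.dst).subnet_of(lan)]
```

Running overly_broad over the custom rules before they are applied catches the case the Alert warns about, where a single broad allow rule sits above the default inbound block.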

Network Access Rules (By Service)

Alert! If an Alert Icon appears next to a LAN Out, LAN In, or DMZ In check box, a rule in the Rules window modifies that service.

Windows Networking (NetBIOS) Broadcast Pass Through

Computers running Microsoft Windows communicate with one another through NetBIOS broadcast packets. By default, the SonicWALL blocks these broadcasts.

If you select From LAN to DMZ, your SonicWALL enables NetBIOS broadcasts from the LAN to the DMZ port to allow LAN users to view computers on the DMZ in their Windows Network Neighborhood.

If you select LAN to WAN, your SonicWALL enables NetBIOS broadcasts from LAN to the WAN port to allow LAN users to view computers on remote networks in their Windows Network Neighborhood.

Windows Messenger

Select Enable Support if you are having problems using Windows Messenger through the SonicWALL.

Alert! If Enable Support is selected, it may affect the performance of the SonicWALL.



Select Enable Support if you are having problems using videoconferencing based on the H.323 standard. H.323 promotes compatibility for videoconferencing over IP networks as well as interoperability in audio, video and data transmissions.


Detection Prevention

Network Connection Inactivity Timeout

If a connection to a remote server remains idle for more than five minutes, the SonicWALL closes the connection. Without this timeout, Internet connections could stay open indefinitely, creating potential security holes. You can increase the Inactivity Timeout if applications, such as Telnet and FTP, are frequently disconnected.

