The Advanced page provides access to Advanced Rule Options.
Stealth Mode - By default, the SonicWALL responds to incoming connection
requests as either "blocked" or "open". If you enable
Stealth Mode, your SonicWALL does not respond to blocked inbound connection
requests. Stealth Mode makes your SonicWALL essentially invisible to hackers.
Randomize IP ID - A Randomize IP ID check box is available to prevent hackers
using various detection tools from detecting the presence of a SonicWALL
appliance. IP packets are given random IP IDs, which makes it more difficult
for hackers to "fingerprint" the SonicWALL appliance. Use this check box
for additional security from hackers.
Enable support for Oracle (SQLNet) - Select if you have Oracle applications
on your network.
Enable support for Windows Messenger - Select this option to support
special SIP messaging used in Windows Messenger on Windows XP.
- Enable SIP Transformations - Select this option to transform SIP
messaging from LAN (trusted) to WAN (untrusted). You need to check this setting
when you want the SonicWALL to do the SIP transformation. If your SIP proxy
is located on the public (WAN) side of the SonicWALL and SIP clients are on
the LAN side, the SIP clients by default embed their private IP address
in the SIP/Session Description Protocol (SDP) messages that are sent to the SIP proxy.
Because these messages are not changed, the SIP proxy does not know how to
get back to the client behind the SonicWALL. Selecting Enable SIP Transformations
enables the SonicWALL to go through each SIP message and change the private
IP address and assigned port. Enable SIP Transformations also controls
and opens up the RTP/RTCP ports that need to be opened for the SIP session
calls to happen. NAT translates Layer 3 addresses but not the Layer 5 SIP/SDP
addresses, which is why you need to select Enable SIP Transformations
to transform the SIP messages. It is recommended that you turn on Enable
SIP Transformations unless there is another NAT traversal solution that
requires this feature to be turned off. SIP Transformations works in bi-directional
mode: it transforms messages going from LAN to WAN and vice versa.
Enable H.323 Transformation - Select this option to allow
stateful H.323 protocol-aware packet content inspection and modification
by the SonicWALL. The SonicWALL performs any dynamic IP address and transport
port mapping within the H.323 packets, which is necessary for communication
between H.323 parties in trusted and untrusted networks/zones. Clear the
Enable H.323 Transformation check box to bypass the H.323 specific processing
performed by the SonicWALL.
- Enable RTSP Transformations - Select this option to support on-demand
delivery of real-time data, such as audio and video. RTSP (Real Time Streaming
Protocol) is an application-level protocol for control over delivery of data
with real-time properties.
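
To illustrate what Enable SIP Transformations does to a message, the following added example (not SonicWALL code and not part of the original help page) rewrites the private address and ports in a constructed INVITE and lists the RTP/RTCP ports that would need to be opened. The addresses, the port_map NAT mapping and the function names are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: an INVITE as a LAN phone at 192.168.1.10 would send it.
SAMPLE_INVITE = "\r\n".join([
    "INVITE sip:bob@example.com SIP/2.0",
    "Via: SIP/2.0/UDP 192.168.1.10:5060;branch=z9hG4bK776asdhds",
    "From: <sip:alice@example.com>;tag=1928301774",
    "To: <sip:bob@example.com>",
    "Call-ID: a84b4c76e66710",
    "CSeq: 1 INVITE",
    "Contact: <sip:alice@192.168.1.10:5060>",
    "Content-Type: application/sdp",
    "Content-Length: 0",
    "",
    "v=0",
    "o=alice 2890844526 2890844526 IN IP4 192.168.1.10",
    "s=-",
    "c=IN IP4 192.168.1.10",
    "t=0 0",
    "m=audio 49170 RTP/AVP 0", "",
])

IPV4 = re.compile(r"(?<![\d.])((?:0|[1-9]\d{0,2})(?:\.(?:0|[1-9]\d{0,2})){3})(?![\d.])")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def private_addrs(msg):
    """Return the RFC 1918 addresses still embedded in a SIP/SDP message."""
    ips = [ip for ip in IPV4.findall(msg) if all(int(o) < 256 for o in ip.split("."))]
    return {ip for ip in ips if any(ipaddress.ip_address(ip) in n for n in RFC1918)}

def transform(msg, lan_ip, wan_ip, port_map):
    """Rewrite lan_ip and its ports (hypothetical port_map: private -> public port)."""
    head, _, body = msg.partition("\r\n\r\n")
    host = rf"(?<![\d.]){re.escape(lan_ip)}(?![\d.])"
    def sig(m):  # host[:port] in signalling headers such as Via and Contact
        return wan_ip + (f":{port_map[int(m.group(1))]}" if m.group(1) else "")
    head = re.sub(host + r"(?::(\d+))?", sig, head)
    opened = []
    def media(m):  # m=<media> <port> line in the SDP body
        rtp = port_map[int(m.group(2))]
        opened.extend([rtp, rtp + 1])  # RTCP conventionally uses the RTP port + 1
        return f"m={m.group(1)} {rtp} "
    body = re.sub(r"(?m)^m=(\w+) (\d+) ", media, re.sub(host, wan_ip, body))
    head = re.sub(r"(?mi)^Content-Length:[^\r\n]*", f"Content-Length: {len(body.encode())}", head)
    return head + "\r\n\r\n" + body, opened
```

Running private_addrs on a WAN-side capture is a quick check that no LAN addressing is leaving the network inside SIP or SDP.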
Source Routed Packets
- Drop source routed IP packets - Selected by default. Clear this
checkbox if you are testing traffic between two specific hosts and you are
using source routing.
TCP Connection Inactivity Timeout
- If a connection to a remote server remains idle for more than five minutes,
the SonicWALL closes the connection. Without this timeout, Internet connections
could stay open indefinitely, creating potential security holes. You can increase
the inactivity timeout if applications, such as Telnet and FTP, are frequently
disconnected. Enter the new timeout value in the Default Connection Timeout
Access Rule Service Options
- Force inbound and outbound FTP data connections to use the default port
20 - The default SonicWALL configuration allows FTP connections from
port 20 but remaps outbound traffic to a port such as 1024. If the check
box is selected, any FTP data connection through the SonicWALL must come
from port 20 or the connection is dropped. The event is then logged
on the SonicWALL.