Firewall > Access Rules > Add Rule/Edit Rule

The Add Rule window allows you to configure a new access rule for the specific Interface. The Edit Rule window allows you to edit an existing access rule. The settings in these windows are the same.

Adding a New Rule

  1. Click Add. The Add Rule window appears.
  2. Select Allow, Deny, or Discard from the Action list, depending on whether the rule is intended to permit or block IP traffic.
  3. Select a zone from the From Zone menu.
  4. Select a zone from the To Zone menu.
  5. Select the service or group of services affected by the rule from the Service menu. If the service is not listed, you must define the service in the Add Service window accessed from the Firewall > Services page. The Any service encompasses all IP services. Selecting Create New Service or Create New Group displays the Add Service or Add Service Group window.
  6. Select the source of the traffic affected by the rule from the Source menu. Selecting Create New Network displays the Add Address Object window from the Network > Address Objects page.
  7. Select the destination of the traffic affected by the rule from the Destination menu. Selecting Create New Network displays the Add Address Object window from the Network > Address Objects page.
  8. If you selected Allow in the Action list, select the users allowed from the Users Allowed menu. You can select from All, Administrator, Everyone, or any users or user groups you have defined in the Users > Local Users or Users > Local Groups pages.
  9. Specify the time schedule for rule enforcement. You can use the default Always on, choose a predefined schedule created in the Firewall > Schedule page, or choose Create new schedule, which displays the Add Schedule window for configuring a schedule.
  10. Type an optional comment in the Comment field; the comment is displayed when the mouse pointer moves over the rule.
  11. Check the Enable Logging checkbox to enable logging of this rule.
  12. Check the Allow Fragmented Packets checkbox to allow fragmented packets. It is recommended that you do not select the Allow Fragmented Packets checkbox. Large IP packets are often divided into fragments before they are routed over the Internet and then reassembled at a destination host. Because hackers exploit IP fragmentation in Denial of Service attacks, the SonicWALL blocks fragmented packets by default. You can override the default configuration to allow fragmented packets over PPTP or IPSec.
  13. Click the Advanced tab.
  14. If you want the rule to time out after a period of inactivity, set the amount of time, in minutes, in the TCP Connection Inactivity Timeout (minutes) field. The default value is 5 minutes.
  15. Check the Create a reflective rule checkbox if you want to automatically create a rule for the opposite traffic direction.
  16. Click OK.
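As an added illustration (not part of the SonicWALL help, and not SonicOS code), the following Python model captures the rule fields and defaults the steps above describe, materialises a reflective rule for the opposite traffic direction, and evaluates a constructed flow against the rule base. The zone/endpoint swap used for the reflective rule, first-match ordering, and Deny as the no-match result are assumptions made here, not statements of the page.

```python
from dataclasses import dataclass, replace

ANY = "Any"  # the "Any" service or address object matches everything

@dataclass
class AccessRule:
    action: str                      # "Allow", "Deny" or "Discard"
    from_zone: str
    to_zone: str
    service: str = ANY               # service or service-group name
    source: str = ANY                # address object name
    destination: str = ANY
    users_allowed: str = "All"       # only meaningful for Allow rules
    schedule: str = "Always on"
    logging: bool = False
    allow_fragmented: bool = False   # fragments are blocked unless explicitly allowed
    inactivity_timeout_min: int = 5  # Advanced tab default
    reflective: bool = False         # "Create a reflective rule"

    def __post_init__(self):
        if self.action not in ("Allow", "Deny", "Discard"):
            raise ValueError(f"unknown action {self.action!r}")
        if self.action != "Allow" and self.users_allowed != "All":
            raise ValueError("Users Allowed can only be set on an Allow rule")

    def reflected(self):
        # Assumed semantics of a reflective rule: the same policy with zones
        # and endpoints swapped, so the opposite traffic direction is covered.
        return replace(self, from_zone=self.to_zone, to_zone=self.from_zone,
                       source=self.destination, destination=self.source,
                       reflective=False)

    def matches(self, flow):
        return (self.from_zone == flow["from_zone"] and self.to_zone == flow["to_zone"]
                and self.service in (ANY, flow["service"])
                and self.source in (ANY, flow["source"])
                and self.destination in (ANY, flow["destination"]))

def expand(rules):
    """Materialise each reflective rule as an explicit rule for the return direction."""
    return [x for r in rules for x in ((r, r.reflected()) if r.reflective else (r,))]

def evaluate(rules, flow):
    """First matching rule decides; no match means Deny (both assumed here)."""
    for r in expand(rules):
        if r.matches(flow):
            if flow.get("fragmented") and not r.allow_fragmented:
                return "Deny"  # default fragment blocking wins over the rule's action
            return r.action
    return "Deny"
```

The flow dictionaries passed to `evaluate` are constructed sample input; a fragmented flow is denied even when the matching rule is an Allow rule, unless that rule sets Allow Fragmented Packets.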
