
Access>Rules>Add New Rule

You create your Network Access Rules in the Add Rule window.

Adding a New Rule

  1. Click Add New Rule in the Rules page to open the Add Rule window.

  2. Select Allow or Deny in the Action list depending upon whether the rule is intended to permit or block IP traffic.

  3. Select the name of the service affected by the rule from the Service menu. If the service is not listed, you must first define it in the Add Service page. The Any entry in the Service menu encompasses all services.

  4. Select the source of the traffic affected by the rule, either LAN, DMZ, WAN, or * (all), from the Interface menu.

  5. If you want to define the source IP addresses that are affected by the rule, for example to restrict certain users from accessing the Internet, enter the starting IP address of the address range in the Addr Range Begin field and the ending IP address in the Addr Range End field. To include all IP addresses, enter * in the Addr Range Begin field.

  6. Select the destination of the traffic affected by the rule, either LAN, DMZ, WAN, or * (all), from the Destination menu.

    If you want to define the destination IP addresses that are affected by the rule, for example to allow inbound Web access to several Web servers on your LAN, enter the starting IP address of the address range in the Addr Range Begin field and the ending IP address in the Addr Range End field. To include all IP addresses, enter * in the Addr Range Begin field.

  7. If you selected Allow from the Action setting, select the user level you want for the access rule from the Users Allowed menu. You can select All (any users), Authenticated Users (only authenticated users as defined in the Access>Users page), Administrator (the SonicWALL administrator) or any individual authenticated user listed in the Users Allowed menu. The individual authenticated users listed in the Users Allowed menu are derived from the entries in the Access>Users page.

  8. Select always from the Apply this rule menu if the rule is always in effect.

  9. Select from in the Apply this rule menu to define the specific time and day of the week on which to enforce the rule. Enter the times of day (in 24-hour format) at which enforcement begins and ends, then select the days of the week on which enforcement begins and ends.

Tip! If you want to enable the rule at different times depending on the day of the week, make additional rules for each time period.

  10. If you want the rule to time out after a period of inactivity, set the amount of time, in minutes, in the Inactivity Timeout in Minutes field. The default value is 5 minutes.

  11. Do not select the Allow Fragmented Packets check box. Large IP packets are often divided into fragments before they are routed over the Internet and then reassembled at the destination host. Because hackers exploit IP fragmentation in Denial of Service attacks, the SonicWALL blocks fragmented packets by default. You can override the default configuration to allow fragmented packets over PPTP or IPSec.

  12. If you want to enable outbound bandwidth management, select Enable Outbound Bandwidth Management and complete the following settings: Guaranteed Bandwidth, Maximum Bandwidth, and Bandwidth Priority.

  13. Click Update. Once the SonicWALL has been updated, the new rule appears in the Current Network Access Rules table.

Tip! Although custom rules can be created that allow inbound IP traffic, the SonicWALL does not disable protection from Denial of Service attacks, such as the SYN Flood and Ping of Death attacks.

Alert! Bandwidth management is very complex and requires extensive knowledge of networks and networking protocols. Incorrect bandwidth management may cause network problems or degradation of network performance.

Add Rule Examples

Allow Internet Traffic to Your Web Server

To configure the SonicWALL to allow Internet traffic to your Web server with an IP address of 208.5.5.5 (Standard mode), create the following rule:

  1. Click the Rules tab, and click Add New Rule.

  2. Select Allow, then Web (HTTP) from the Service menu.

  3. Select WAN from the Source menu, and leave the Addr Range Begin and Addr Range End as they appear.

  4. Select LAN from the Destination menu, and enter the IP address of the Web server, 208.5.5.5, in the Addr Range Begin field. No IP address is entered in the Addr Range End field, since the destination is a single address rather than a range.

  5. Select the user level you want for the access rule from the Users Allowed menu. You can select All (any users), Authenticated Users (only authenticated users as defined in the Access>Users page), Administrator (the SonicWALL administrator) or any individual authenticated user listed in the Users Allowed menu. The individual authenticated users listed in the Users Allowed menu are derived from the entries in the Access>Users page.

  6. Select always from the Apply this rule menu.

  7. Enter a value (in minutes) in the Inactivity Timeout in Minutes field.

  8. Do not select the Allow Fragmented Packets check box.

  9. If you want the Rule to have guaranteed bandwidth, select Enable Outbound Bandwidth Management, and enter values for Guaranteed Bandwidth, Maximum Bandwidth, and Bandwidth Priority.

  10. Click Update to add the rule to the SonicWALL.

Tip! The source part (WAN or LAN) can be limited to certain parts of the Internet using a range of IP addresses on the WAN or LAN. For example, the following rule configures the same Web server to be visible only from a single Class C subnet on the Internet: Allow HTTP, Source WAN 216.77.88.1 - 216.77.88.254, Destination LAN 208.5.5.5.

Blocking LAN Access for Specific Services

This example shows how to block LAN access to NNTP servers on the Internet during business hours.

  1. Click Add New Rule in the Rules window to launch the Add Network Access Rule Web browser window.

  2. Select Deny from the Action menu.

  3. Select NNTP from the Service menu. If the service is not listed, you must add it in the Add Service window.

  4. Select LAN from the Source menu.

  5. Since all computers on the LAN are to be affected, enter * in the Addr Range Begin field.

  6. Select WAN from the Destination menu.

  7. Enter * in the Addr Range Begin field to block access to all NNTP servers.

  8. Select Apply this rule "from" to configure the time of enforcement.

  9. Enter "8:30" and "17:30" in the hour fields.

  10. Select Mon to Fri from the menu.

  11. Click Update to add your new Rule.

Enabling Ping

By default, your SonicWALL does not respond to ping requests from the Internet. This Rule allows ping requests from your ISP servers to your SonicWALL.

  1. Click Add New Rule in the Rules window to launch the Add Rule window.

  2. Select Allow from the Action menu.

  3. Select Ping from the Service menu.

  4. Select WAN from the Source menu.

  5. Enter the starting IP address of the ISP network in the Addr Range Begin field and the ending IP address of the ISP network in the Addr Range End field.

  6. Select LAN from the Destination menu.

  7. Since the intent is to allow a ping only to the SonicWALL, enter the SonicWALL LAN IP Address in the Addr Range Begin field.

  8. Select All from the Users Allowed menu.

  9. Select Always from the Apply this rule menu to ensure continuous enforcement.

  10. Click Update to add your new Rule.
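The following Python model is an added example, not SonicWALL code and not part of the original help page. It encodes the three example rules above (the Web server rule and its Class C variant, the business-hours NNTP block, and the ISP ping rule) with the Add Rule fields as the page describes them, and checks sample connection attempts against them so you can see which rule a given packet hits. The Packet class, the first-match ordering in decide(), the ISP address range 203.0.113.1 - 203.0.113.254 and the SonicWALL LAN address 192.0.2.1 are all assumptions made for this model; the page does not give the last two, and it does not state how the SonicWALL orders its rules.

```python
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import IPv4Address
from typing import List, Optional, Tuple

# Schedule as entered in the "Apply this rule ... from" fields:
# (begin time, end time, first weekday, last weekday), with Python's
# weekday convention Monday=0 .. Sunday=6.
Schedule = Tuple[time, time, int, int]


@dataclass(frozen=True)
class Rule:
    """One Network Access Rule, holding the fields of the Add Rule window."""
    action: str          # "Allow" or "Deny"
    service: str         # service name, or "Any" for every service
    source: str          # "LAN", "DMZ", "WAN" or "*" (all)
    src_begin: str       # source Addr Range Begin; "*" = all addresses
    src_end: str         # source Addr Range End; blank = single address
    destination: str
    dst_begin: str
    dst_end: str
    schedule: Optional[Schedule] = None   # None = "always"


@dataclass(frozen=True)
class Packet:
    """A connection attempt as the rule sees it (constructed for this model)."""
    service: str
    src_if: str
    src_ip: str
    dst_if: str
    dst_ip: str


def in_addr_range(addr: str, begin: str, end: str) -> bool:
    """Addr Range semantics from the page: '*' matches everything,
    a blank End field means Begin is a single host."""
    if begin == "*":
        return True
    low = IPv4Address(begin)
    high = IPv4Address(end) if end else low
    return low <= IPv4Address(addr) <= high


def in_schedule(schedule: Optional[Schedule], when: datetime) -> bool:
    """'always' matches everything; otherwise the weekday span and the
    time-of-day window both have to hold."""
    if schedule is None:
        return True
    begin, end, first_day, last_day = schedule
    if not first_day <= when.weekday() <= last_day:
        return False
    return begin <= when.time() <= end


def matches(rule: Rule, pkt: Packet, when: datetime) -> bool:
    """True when every field of the rule accepts the packet."""
    return (
        rule.service in ("Any", pkt.service)
        and rule.source in ("*", pkt.src_if)
        and rule.destination in ("*", pkt.dst_if)
        and in_addr_range(pkt.src_ip, rule.src_begin, rule.src_end)
        and in_addr_range(pkt.dst_ip, rule.dst_begin, rule.dst_end)
        and in_schedule(rule.schedule, when)
    )


def decide(rules: List[Rule], pkt: Packet, when: datetime) -> Optional[str]:
    """Action of the first matching rule, or None when no custom rule matches
    (the device's built-in default then applies). First-match ordering is an
    assumption of this model, not something the help page states."""
    for rule in rules:
        if matches(rule, pkt, when):
            return rule.action
    return None


# The rules from the examples above. The ISP range and the SonicWALL LAN
# address are constructed placeholders (documentation addresses).
WEB_SERVER = Rule("Allow", "Web (HTTP)", "WAN", "*", "", "LAN", "208.5.5.5", "")
WEB_SERVER_SUBNET = Rule("Allow", "Web (HTTP)", "WAN", "216.77.88.1", "216.77.88.254",
                         "LAN", "208.5.5.5", "")
NO_NNTP_BUSINESS_HOURS = Rule("Deny", "NNTP", "LAN", "*", "", "WAN", "*", "",
                              schedule=(time(8, 30), time(17, 30), 0, 4))  # Mon to Fri
ISP_PING = Rule("Allow", "Ping", "WAN", "203.0.113.1", "203.0.113.254",
                "LAN", "192.0.2.1", "")
RULES = [WEB_SERVER, NO_NNTP_BUSINESS_HOURS, ISP_PING]

# Sample moments (constructed): 2 Jan 2024 is a Tuesday, 6 Jan 2024 a Saturday.
TUE_10 = datetime(2024, 1, 2, 10, 0)
TUE_19 = datetime(2024, 1, 2, 19, 0)
SAT_10 = datetime(2024, 1, 6, 10, 0)

if __name__ == "__main__":
    web = Packet("Web (HTTP)", "WAN", "198.51.100.7", "LAN", "208.5.5.5")
    nntp = Packet("NNTP", "LAN", "10.0.0.5", "WAN", "198.51.100.9")
    print("web to 208.5.5.5 on Tuesday:", decide(RULES, web, TUE_10))
    print("NNTP out during business hours:", decide(RULES, nntp, TUE_10))
    print("NNTP out on Saturday:", decide(RULES, nntp, SAT_10))
```

Note what the model makes explicit: a rule with a blank Addr Range End accepts only the single Begin address, so Web traffic to a neighbouring host on the LAN matches nothing and falls through to the device default, and the NNTP block simply does not apply outside its window, which is why the Tip above tells you to create additional rules for other time periods.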
