Understanding The Access Rule Hierarchy - Dell SonicWALL GX250 Manual


been updated, a message confirming the update is displayed at the bottom of the
browser window.

Understanding the Access Rule Hierarchy

The rule hierarchy has two basic concepts:

1. Specific rules override general rules.
   - An individual service is more specific than the Default service.
   - A single Ethernet link, such as LAN or WAN, is more specific than * (all).
   - A single IP address is more specific than an IP address range.
2. Equally specific Deny rules override Allow rules.

Rules are displayed in the Current Network Access Rules list from the most specific
to the least specific, and rules at the top override rules listed below. For example,
consider the section of the Rules window shown below.

The Default Allow Rule (#7) at the bottom of the page allows all traffic from the LAN
to the WAN. However, Rule #1 blocks IRC (Chat) traffic from a computer on the LAN
to a server on the WAN.

The Default Deny Rule (#6) blocks all traffic from the WAN to the LAN. However,
Rule #2 overrides this rule by allowing Web traffic from the WAN to the LAN.
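
The ordering and override behaviour described above, modelled as an added Python example (not code from the SonicWALL manual or firmware). The one-point-per-field specificity score, the drop when no rule matches, the rule names and the IP addresses are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address

ANY = "*"                                    # wildcard Ethernet link
ALL_IPS = ("0.0.0.0", "255.255.255.255")     # inclusive range covering every address

@dataclass(frozen=True)
class Rule:
    name: str        # hypothetical label, not a SonicWALL identifier
    action: str      # "allow" or "deny"
    service: str     # e.g. "IRC", "Web", or the catch-all "Default"
    src_if: str      # "LAN", "WAN" or "*"
    dst_if: str
    src: tuple = ALL_IPS
    dst: tuple = ALL_IPS

def specificity(r):
    # Assumption: one point per field that is narrower than its wildcard.
    single = lambda rng: rng[0] == rng[1]
    return sum([r.service != "Default", r.src_if != ANY, r.dst_if != ANY,
                single(r.src), single(r.dst)])

def ordered(rules):
    # Most specific first; at equal specificity Deny sorts above Allow.
    return sorted(rules, key=lambda r: (-specificity(r), r.action != "deny"))

def in_range(ip, rng):
    return ip_address(rng[0]) <= ip_address(ip) <= ip_address(rng[1])

def matches(r, service, src_if, dst_if, src, dst):
    return (r.service in ("Default", service)
            and r.src_if in (ANY, src_if) and r.dst_if in (ANY, dst_if)
            and in_range(src, r.src) and in_range(dst, r.dst))

def decide(rules, *packet):
    # First matching rule in display order wins (rules at the top override).
    for r in ordered(rules):
        if matches(r, *packet):
            return r.name, r.action
    return None, "deny"   # assumption: traffic matching no rule is dropped

# Constructed rule set mirroring Rules #1, #2, #6 and #7 from the text.
RULES = [
    Rule("default-allow-lan-wan", "allow", "Default", "LAN", "WAN"),
    Rule("default-deny-wan-lan", "deny", "Default", "WAN", "LAN"),
    Rule("allow-web-in", "allow", "Web", "WAN", "LAN"),
    Rule("block-irc", "deny", "IRC", "LAN", "WAN",
         src=("192.168.1.20", "192.168.1.20"), dst=("203.0.113.5", "203.0.113.5")),
]
```

Reviewing the output of ordered() before deploying a rule set shows which broad Allow rules sit below a narrower Deny and which are reachable at all.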

Examples

The following examples illustrate methods for creating Network Access Rules.

Blocking LAN access for specific services

This example shows how to block LAN access to NNTP servers on the Internet
during business hours.

1. Click Add New Rule in the Rules window to launch the Add Network
   Access Rule Web browser window.

SonicWALL Internet Security Appliance Guide Page 89


This manual is also suitable for:

Sonicwall gx650
