Adding New Rule Examples - SonicWALL SonicOS Enhanced 2.2 Administrator's Manual

Sonicwall internet security appliance

10. Click the Advanced tab.
11. Do not select the Allow Fragmented Packets check box. Large IP packets are often divided into fragments before they are routed over the Internet and then reassembled at the destination host. Because hackers exploit IP fragmentation in Denial of Service attacks, the SonicWALL blocks fragmented packets by default. You can override the default configuration to allow fragmented packets over PPTP or IPSec.
12. If you want the rule to time out after a period of inactivity, set the amount of time, in minutes, in the Inactivity Timeout (minutes) field. The default value is 5 minutes.
13. Click the Bandwidth tab. Select Enable Outbound Bandwidth Management ('allow' rules only), and enter the Guaranteed Bandwidth in Kbps.
14. Enter the maximum amount of bandwidth available to the rule at any time in the Maximum Bandwidth field.
Tip!
Rules using Bandwidth Management take priority over rules without Bandwidth Management.
15. Assign a priority from 0 (highest) to 7 (lowest) in the Bandwidth Priority list.
16. Click OK.
Tip!
Although custom rules can be created that allow inbound IP traffic, the SonicWALL does not disable protection from Denial of Service attacks, such as the SYN Flood and Ping of Death attacks.
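
The fragment check behind step 11, as an added example (not SonicOS code and not part of the original manual): it reads the More Fragments flag and fragment offset from an IPv4 header and applies a hypothetical rule decision. The function names, verdict strings, the allow_fragmented parameter and the sample headers are constructed for illustration, and the oversize check is an assumed stand-in for the Denial of Service protection the tip above says stays enabled.

```python
import struct

MAX_DATAGRAM = 65535  # largest total length the IPv4 header can express

def ipv4_header(total_len, more_fragments, offset_bytes):
    """Constructed 20-byte IPv4 header (UDP, checksum 0, documentation addresses)."""
    flags_frag = (0x2000 if more_fragments else 0) | (offset_bytes // 8)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, flags_frag,
                       64, 17, 0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))

def fragment_info(header):
    """Return (is_fragment, reassembled_len) parsed from an IPv4 header."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (header[0] & 0x0F) * 4
    total_len, _ident, flags_frag = struct.unpack("!HHH", header[2:8])
    if ihl < 20 or total_len < ihl:
        raise ValueError("malformed IPv4 header")
    more_fragments = bool(flags_frag & 0x2000)   # MF flag
    offset = (flags_frag & 0x1FFF) * 8           # offset field counts 8-byte units
    # Header length plus the byte position where this fragment's data ends.
    reassembled_len = ihl + offset + (total_len - ihl)
    return (more_fragments or offset > 0), reassembled_len

def verdict(header, allow_fragmented=False):
    """Hypothetical rule decision; allow_fragmented mirrors the check box in step 11."""
    is_fragment, reassembled_len = fragment_info(header)
    if not is_fragment:
        return "pass"
    if reassembled_len > MAX_DATAGRAM:
        return "drop-oversize"   # assumed to apply even when fragments are allowed
    return "pass" if allow_fragmented else "drop-fragment"

if __name__ == "__main__":
    samples = {  # constructed headers, not captured traffic
        "whole datagram": ipv4_header(1500, False, 0),
        "first fragment": ipv4_header(1500, True, 0),
        "last fragment": ipv4_header(620, False, 1480),
        "oversize fragment": ipv4_header(120, False, 65528),
    }
    for name, hdr in samples.items():
        print(f"{name:18} default={verdict(hdr):14} allowed={verdict(hdr, True)}")
```

A packet counts as a fragment when either the More Fragments flag is set or the offset is non-zero, so the last fragment of a datagram is caught even though its flag is clear.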

Adding New Rule Examples

The following examples illustrate methods for creating Network Access Rules.
Blocking LAN Access for Specific Services
This example shows how to block LAN access to NNTP servers on the Internet during business hours.
1. Click Add to launch the Add window.
2. Select Deny from the Action settings.
3. Select NNTP from the Service menu. If the service is not listed, you must add it in the Add Service window.
4. Select Any from the Source menu.