Firewall - SonicWALL SonicOS Enhanced 2.2 Administrator's Manual

5 Firewall

Network Access Rules are management tools that allow you to define inbound and outbound access policy, configure user authentication, and enable remote management of the SonicWALL.

By default, the SonicWALL's stateful packet inspection allows all communication from the LAN to the Internet, and blocks all traffic to the LAN from the Internet. The following behaviors are defined by the "Default" stateful inspection packet rule enabled in the SonicWALL:

• Allow all sessions originating from the LAN to the WAN and DMZ.
• Allow all sessions originating from the DMZ to the WAN.
• Deny all sessions originating from the WAN to the DMZ.
• Deny all sessions originating from the WAN and DMZ to the LAN.
Additional Network Access Rules can be defined to extend or override the default rules. For example,
rules can be created that block certain types of traffic such as IRC from the LAN to the WAN, or allow
certain types of traffic, such as Lotus Notes database synchronization, from specific hosts on the Internet
to specific hosts on the LAN, or restrict use of certain protocols such as Telnet to authorized users on the
LAN.
Custom rules examine each packet's source IP address, destination IP address, and IP protocol type, and compare that information against the rules created on the SonicWALL. Network Access Rules take precedence over, and can override, the SonicWALL's default stateful packet inspection behavior. For example, a rule that blocks IRC traffic takes precedence over the SonicWALL default setting of allowing this type of traffic from the LAN to the WAN.
Alert!
The ability to define Network Access Rules is a very powerful tool. Using custom rules can disable
firewall protection or block all access to the Internet. Use caution when creating or deleting Network
Access Rules.
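The precedence described above (custom rules are checked first, and the "Default" stateful inspection policy applies only when no custom rule matches) is shown here as an added, simplified model written for this page; it is not SonicOS code, and the zone names, rule fields, the IRC port 6667, the Lotus Notes port 1352, and the sample addresses are assumptions chosen for the illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed example: a simplified model of Network Access Rule evaluation.
# Zone names (LAN, WAN, DMZ) follow the manual; the matching logic, ports and
# addresses below are assumptions for illustration, not SonicOS firmware.


@dataclass(frozen=True)
class Packet:
    src_zone: str        # zone the session originates from: "LAN", "WAN" or "DMZ"
    dst_zone: str        # zone the session is heading to
    src_ip: str
    dst_ip: str
    proto: str           # "tcp" or "udp"
    dst_port: int


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    action: str                    # "allow" or "deny"
    proto: Optional[str] = None    # None matches any protocol
    dst_port: Optional[int] = None # None matches any port
    src_ip: Optional[str] = None   # None matches any source host
    dst_ip: Optional[str] = None   # None matches any destination host

    def matches(self, p: Packet) -> bool:
        """A rule matches when every field that is set agrees with the packet."""
        return (self.src_zone == p.src_zone
                and self.dst_zone == p.dst_zone
                and (self.proto is None or self.proto == p.proto)
                and (self.dst_port is None or self.dst_port == p.dst_port)
                and (self.src_ip is None or self.src_ip == p.src_ip)
                and (self.dst_ip is None or self.dst_ip == p.dst_ip))


# The "Default" stateful inspection policy as the manual lists it:
# (originating zone, destination zone) -> action.
DEFAULT_POLICY = {
    ("LAN", "WAN"): "allow",
    ("LAN", "DMZ"): "allow",
    ("DMZ", "WAN"): "allow",
    ("WAN", "DMZ"): "deny",
    ("WAN", "LAN"): "deny",
    ("DMZ", "LAN"): "deny",
}


def default_action(src_zone: str, dst_zone: str) -> str:
    """Zone pairs not listed in the manual are treated as deny (assumption)."""
    return DEFAULT_POLICY.get((src_zone, dst_zone), "deny")


def evaluate(rules, packet: Packet) -> str:
    """Custom rules take precedence; the first matching rule decides.
    Only if none matches does the default policy apply."""
    for rule in rules:
        if rule.matches(packet):
            return rule.action
    return default_action(packet.src_zone, packet.dst_zone)


# Constructed custom rules mirroring the manual's two examples:
#   1. block IRC from the LAN to the WAN (overrides the default allow)
#   2. allow Lotus Notes synchronization from one Internet host to one LAN
#      host (overrides the default deny). Addresses are documentation ranges.
CUSTOM_RULES = [
    Rule("LAN", "WAN", "deny", proto="tcp", dst_port=6667),
    Rule("WAN", "LAN", "allow", proto="tcp", dst_port=1352,
         src_ip="203.0.113.10", dst_ip="192.168.168.50"),
]


if __name__ == "__main__":
    samples = [
        Packet("LAN", "WAN", "192.168.168.20", "198.51.100.5", "tcp", 6667),
        Packet("LAN", "WAN", "192.168.168.20", "198.51.100.5", "tcp", 80),
        Packet("WAN", "LAN", "203.0.113.10", "192.168.168.50", "tcp", 1352),
        Packet("WAN", "LAN", "203.0.113.99", "192.168.168.50", "tcp", 1352),
        Packet("DMZ", "LAN", "10.0.0.5", "192.168.168.50", "tcp", 445),
    ]
    for p in samples:
        print(p.src_zone, "->", p.dst_zone, p.proto, p.dst_port, "=>",
              evaluate(CUSTOM_RULES, p))
```

Note that a single deny rule placed ahead of the defaults is enough to close a path the stateful inspection would otherwise allow, and a single allow rule is enough to open a path it would otherwise block; this is why the manual warns that custom rules can disable firewall protection or block all Internet access.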
Using Bandwidth Management with Access Rules
Bandwidth management allows you to assign guaranteed and maximum bandwidth to services and also to prioritize the outbound traffic. Bandwidth management applies only to outbound traffic from the SonicWALL to the WAN or any other destination. Any rule using bandwidth management has a higher priority than rules not using bandwidth management. Rules using bandwidth management are ordered by their assigned priority, and rules without bandwidth management are given the lowest priority. For instance, if you create a rule for outbound mail traffic (SMTP) and enable Bandwidth Management with a guaranteed bandwidth of 20 percent, a maximum bandwidth of 40 percent, and a priority of 0, outbound SMTP traffic always has 20 percent of the available bandwidth reserved for it and can use as much as 40 percent of the available bandwidth. If this is the only rule using Bandwidth Management, it has priority over all other rules on the SonicWALL. Other rules share what is left over: the available bandwidth minus the 20 percent guaranteed to SMTP, or minus 40 percent when SMTP is using its maximum.
Tip!
You must select Bandwidth Management on the WAN>Ethernet page. Click Network, then Configure
in the WAN line of the Interfaces table, and type your available bandwidth in the Available WAN
Bandwidth (Kbps) field.
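The SMTP example above (20 percent guaranteed, 40 percent maximum, priority 0, with non-bandwidth-managed rules receiving whatever is left) is worked through here in an added, simplified allocation model written for this page. It is not the SonicOS scheduler: the two-pass scheme (guaranteed shares first, then top-ups toward the maximum, both in priority order) and the assumption that unused guaranteed bandwidth is released to other traffic are simplifications, and the 1000 Kbps Available WAN Bandwidth and the offered loads are constructed values.

```python
from dataclasses import dataclass
from typing import Dict, List

# Constructed example: a simplified model of how guaranteed and maximum
# bandwidth percentages on access rules divide the Available WAN Bandwidth.
# The allocation scheme is an assumption for illustration, not SonicOS code.


@dataclass(frozen=True)
class BwmRule:
    name: str
    guaranteed_pct: float   # share of available WAN bandwidth reserved for this rule
    maximum_pct: float      # ceiling this rule may reach when bandwidth is free
    priority: int           # 0 is the highest priority


def allocate(available_kbps: float, rules: List[BwmRule],
             demand_kbps: Dict[str, float], other_demand_kbps: float) -> Dict[str, float]:
    """Return the Kbps granted to each bandwidth-managed rule, plus 'other'
    for traffic matched by rules without bandwidth management.

    demand_kbps maps rule name -> offered load; other_demand_kbps is the
    offered load of all non-bandwidth-managed traffic.
    """
    remaining = float(available_kbps)
    alloc: Dict[str, float] = {}
    ordered = sorted(rules, key=lambda r: r.priority)  # priority 0 served first

    # Pass 1: every managed rule gets its guaranteed share (capped by what it
    # actually offers). Guaranteed bandwidth a rule does not use is released
    # to the remaining pool in this model (assumption).
    for r in ordered:
        guaranteed = available_kbps * r.guaranteed_pct / 100.0
        grant = min(guaranteed, demand_kbps.get(r.name, 0.0), remaining)
        alloc[r.name] = grant
        remaining -= grant

    # Pass 2: managed rules, still in priority order, are topped up from the
    # remaining pool, but never beyond their maximum percentage.
    for r in ordered:
        ceiling = available_kbps * r.maximum_pct / 100.0
        wanted = demand_kbps.get(r.name, 0.0) - alloc[r.name]
        extra = max(0.0, min(ceiling - alloc[r.name], wanted, remaining))
        alloc[r.name] += extra
        remaining -= extra

    # Rules without bandwidth management have the lowest priority and share
    # only what the managed rules left behind.
    alloc["other"] = min(other_demand_kbps, remaining)
    return alloc


# Constructed scenario from the manual's example: 1000 Kbps entered as the
# Available WAN Bandwidth, one SMTP rule at 20% guaranteed / 40% maximum.
SMTP_RULE = BwmRule("SMTP", guaranteed_pct=20, maximum_pct=40, priority=0)


if __name__ == "__main__":
    # SMTP offers more than its maximum: it is capped at 40%, the rest get 60%.
    print(allocate(1000, [SMTP_RULE], {"SMTP": 500}, other_demand_kbps=2000))
    # SMTP offers less than its guarantee: it takes what it needs, others the rest.
    print(allocate(1000, [SMTP_RULE], {"SMTP": 150}, other_demand_kbps=2000))
    # Two managed rules: priority 0 is topped up before priority 1.
    http = BwmRule("HTTP", guaranteed_pct=10, maximum_pct=50, priority=1)
    print(allocate(1000, [SMTP_RULE, http],
                   {"SMTP": 500, "HTTP": 900}, other_demand_kbps=1000))
```

In the two-rule run, SMTP reaches its 40 percent ceiling first because its priority is 0, HTTP is then topped up to its own 50 percent ceiling, and the non-managed traffic is left with the final 10 percent, which is the ordering the manual describes: managed rules by priority, then everything else.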
Firewall Page 85
