SonicWALL 3 User Manual

179

Chapter 31: 

Configuring Network Access

Rules

Network Access Rules are management tools that allow you to define inbound and outbound access 
policy, configure user authentication, and enable remote management of the SonicWALL. 

By default, the SonicWALL’s stateful packet inspection allows all communication from the LAN to the 
Internet, and blocks all traffic to the LAN from the Internet. The following behaviors are defined by the 
“Default” stateful inspection packet rule enabled in the SonicWALL:

•

Allow all sessions originating from the LAN, OPT, DMZ, or WLAN to the WAN

•

Deny all sessions originating from the WAN to the LAN, OPT, DMZ, or WLAN

Additional Network Access Rules can be defined to extend or override the default rules. For example, 
rules can be created that block certain types of traffic such as IRC from the LAN to the WAN, or allow 
certain types of traffic, such as Lotus Notes database synchronization, from specific hosts on the 
Internet to specific hosts on the LAN, or restrict use of certain protocols such as Telnet to authorized 
users on the LAN. 

The custom rules evaluate network traffic source IP addresses, destination IP addresses, IP protocol 
types, and compare the information to rules created on the SonicWALL. Network Access Rules take 
precedence, and can override the SonicWALL stateful packet inspection. For example, a rule that 
blocks IRC traffic takes precedence over the SonicWALL default setting allowing this type of traffic. 

S

Alert: The ability to define Network Access Rules is a very powerful tool. Using custom rules can 
disable firewall protection or block all access to the Internet. Use caution when creating or deleting 
Network Access Rules.