SonicWALL TZ 190 Manuale Utente

Create Address Object Groups of sanctioned servers (e.g. SMTP, DNS, etc.)

Create Access Rules in the relevant Zones allowing only authorized SMTP servers on your 
network to communicate outbound SMTP; block all other outbound SMTP traffic to prevent 
intentional or unintentional outbound spamming.

Create Access Rules in the relevant Zones allowing authorized DNS servers on your 
network to communicate with all destination hosts using DNS protocols (TCP/UDP 53). Be 
sure to have this rule in place if you have DNS servers on your network, and you will be 
configuring the restrictive DNS rule that follows. 

Create Access Rules in the relevant Zones allowing Firewalled Hosts to only communicate 
DNS (TCP/UDP 53) with sanctioned DNS servers; block all other DNS access to prevent 
communications with unauthorized DNS servers.

Unsanctioned access attempts will then be viewable in the logs.

MAC and FQDN DAOs provide extensive Access Rule construction flexibility. MAC and FQDN 
AOs are configured in the same fashion as static Address Objects, that is from the Network > 
Address Objects page. Once created, their status can be viewed by a mouse-over of their 
appearance, and log events will record their addition and deletion.

Dynamic Address Objects lend themselves to many applications. The following are just a few 
examples of how they may be used. Future versions of SonicOS Enhanced may expand their 
versatility even further.