SonicWALL 5.8.1 Manuale Utente
Network > Interfaces
202
SonicOS 5.8.1 Administrator Guide
Based on the source and destination, the packet’s directionality is categorized as either
Incoming or Outgoing, (not to be confused with Inbound and Outbound) where the following
criteria is used to make the determination:
Incoming or Outgoing, (not to be confused with Inbound and Outbound) where the following
criteria is used to make the determination:
Table data is subject to change.
In addition to this categorization, packets traveling to/from zones with levels of additional
trust, which are inherently afforded heightened levels of security
(LAN|Wireless|Encrypted<-->LAN|Wireless|Encrypted) are given the special Trust
classification. Traffic with the Trust classification has all signatures applied (Incoming,
Outgoing, and Bidirectional).
trust, which are inherently afforded heightened levels of security
(LAN|Wireless|Encrypted<-->LAN|Wireless|Encrypted) are given the special Trust
classification. Traffic with the Trust classification has all signatures applied (Incoming,
Outgoing, and Bidirectional).
3.
The direction of the signature. This pertains primarily to IPS, where each signature is
assigned a direction by SonicWALL’s signature development team. This is done as an
optimization to minimize false positives. Signature directions are:
assigned a direction by SonicWALL’s signature development team. This is done as an
optimization to minimize false positives. Signature directions are:
–
Incoming – Applies to Incoming and Trust. The majority of signatures are Incoming, and
they include all forms of application exploits and all enumeration and footprinting
attempts. Approximately 85% of signatures are Incoming.
they include all forms of application exploits and all enumeration and footprinting
attempts. Approximately 85% of signatures are Incoming.
–
Outgoing – Applies to Outgoing and Trust. Examples of Outgoing signatures would
include IM and P2P login attempts, and responses to successfully launched exploits
(e.g. Attack Responses). Approximately 10% of signatures are Outgoing.
include IM and P2P login attempts, and responses to successfully launched exploits
(e.g. Attack Responses). Approximately 10% of signatures are Outgoing.
–
Bidirectional – Applies to all. Examples of Bidirectional signatures would include IM file
transfers, various NetBIOS attacks (e.g. Sasser communications) and a variety of DoS
attacks (e.g. UDP/TCP traffic destined to port 0). Approximately 5% of signatures are
Bidirectional.
transfers, various NetBIOS attacks (e.g. Sasser communications) and a variety of DoS
attacks (e.g. UDP/TCP traffic destined to port 0). Approximately 5% of signatures are
Bidirectional.
4.
Zone application. For a signature to be triggered, the desired security service must be
active on at least one of the zones it traverses. For example, a host on the Internet (X1,
WAN) accessing a Microsoft Terminal Server (on X3, Secondary Bridge Interface, LAN) will
trigger the Incoming signature “IPS Detection Alert: MISC MS Terminal server request, SID:
436, Priority: Low” if IPS is active on the WAN, the LAN, or both.
active on at least one of the zones it traverses. For example, a host on the Internet (X1,
WAN) accessing a Microsoft Terminal Server (on X3, Secondary Bridge Interface, LAN) will
trigger the Incoming signature “IPS Detection Alert: MISC MS Terminal server request, SID:
436, Priority: Low” if IPS is active on the WAN, the LAN, or both.
Dest
Src
Src
Untrusted
Public
Wireless
Encrypted
Trusted
Multicast
Untrusted
Incoming
Incoming
Incoming
Incoming
Incoming
Incoming
Public
Outgoing
Outgoing
Outgoing
Incoming
Incoming
Incoming
Wireless
Outgoing
Outgoing
Trust
Trust
Trust
Incoming
Encrypted
Outgoing
Outgoing
Trust
Trust
Trust
Outgoing
Trusted
Outgoing
Outgoing
Trust
Trust
Trust
Outgoing