SonicWALL Internet Security Appliances Manual Do Utilizador
Network Access Rules Page 127
10 Network Access Rules
Network Access Rules are management tools that allow you to define inbound and outbound access
policy, configure user authentication, and enable remote management of the SonicWALL.
By default, the SonicWALL’s stateful packet inspection allows all communication from the LAN to
the Internet, and blocks all traffic to the LAN from the Internet. The following behaviors are defined
by the “Default” stateful inspection packet rule enabled in the SonicWALL:
•
policy, configure user authentication, and enable remote management of the SonicWALL.
By default, the SonicWALL’s stateful packet inspection allows all communication from the LAN to
the Internet, and blocks all traffic to the LAN from the Internet. The following behaviors are defined
by the “Default” stateful inspection packet rule enabled in the SonicWALL:
•
Allow all sessions originating from the LAN to the WAN and DMZ.
•
Allow all sessions originating from the DMZ to the WAN.
•
Allow all sessions originating from the WAN to the DMZ.
•
Deny all sessions originating from the WAN and DMZ to the LAN.
Additional Network Access Rules can be defined to extend or override the default rules. For example,
rules can be created that block certain types of traffic such as IRC from the LAN to the WAN, or allow
certain types of traffic, such as Lotus Notes database synchronization, from specific hosts on the
Internet to specific hosts on the LAN, or restrict use of certain protocols such as Telnet to authorized
users on the LAN.
The custom rules evaluate network traffic source IP address, destination IP address, IP protocol
type, and compare the information to rules created on the SonicWALL. Network Access Rules take
precedence, and can override the SonicWALL’s stateful packet inspection. For example, a rule that
blocks IRC traffic takes precedence over the SonicWALL default setting of allowing this type of
traffic.
Alert The ability to define Network Access Rules is a very powerful tool. Using custom rules can
disable firewall protection or block all access to the Internet. Use caution when creating or deleting
Network Access Rules.
rules can be created that block certain types of traffic such as IRC from the LAN to the WAN, or allow
certain types of traffic, such as Lotus Notes database synchronization, from specific hosts on the
Internet to specific hosts on the LAN, or restrict use of certain protocols such as Telnet to authorized
users on the LAN.
The custom rules evaluate network traffic source IP address, destination IP address, IP protocol
type, and compare the information to rules created on the SonicWALL. Network Access Rules take
precedence, and can override the SonicWALL’s stateful packet inspection. For example, a rule that
blocks IRC traffic takes precedence over the SonicWALL default setting of allowing this type of
traffic.
Alert The ability to define Network Access Rules is a very powerful tool. Using custom rules can
disable firewall protection or block all access to the Internet. Use caution when creating or deleting
Network Access Rules.
Viewing Network Access Rules
The Services window displays a table of defined Network Access Rules. Rules are sorted from the
most specific at the top, to less specific at the bottom of the table. At the bottom of the table is the
Default rule. The Default rule is all IP services except those listed in the Services window. Rules can
be created to override the behavior of the Default rule; for example, the Default rule allows users on
the LAN to access all Internet services, including NNTP News. However, LAN access to NNTP can be
unblocked by deselecting LAN Out corresponding to the NNTP News service.
most specific at the top, to less specific at the bottom of the table. At the bottom of the table is the
Default rule. The Default rule is all IP services except those listed in the Services window. Rules can
be created to override the behavior of the Default rule; for example, the Default rule allows users on
the LAN to access all Internet services, including NNTP News. However, LAN access to NNTP can be
unblocked by deselecting LAN Out corresponding to the NNTP News service.