SonicWALL OS 2.x Network Card User Manual


 
Sonic OS 2.x Quick Start Guide
15. Select the Zone as DMZ.
16. Enter the IP address assigned to the X3 interface. Enter the network mask assigned to the interface.
17. Enter your comments as applicable.
18. Decide if you want to allow Management and User Logins on this interface.
19. Select the Ethernet tab. As above, make the appropriate entries based on the equipment to be installed on the DMZ Zone.
20. Click OK to save your settings. The new DMZ interface is displayed in the settings.
Objects/Groups - Overview
Sonic OS Enhanced introduces the concept of Objects to your security policy. Objects are either
pre-defined or user-defined elements that can be used by themselves or in groups. Objects relate to
network elements (hosts, subnets or ranges), users, and services. Throughout the new Enhanced
firmware, we will need to define objects and groups in order to create the desired security policy.

Example 1 - We want to write firewall rules to allow mail in to and out from our mail server.
Instead of just using the mail server’s IP address, we’ll create an Address Object called ‘Mail
Server’ and write our firewall rules using this object. If we ever change the address of our mail
server, just a simple change of the object will ensure that the address is changed wherever it may be
in use.

Example 2 – We would like to block users from accessing Instant Messengers during work hours.
We know that the IM services need to connect to certain servers and we know what the IP address
ranges are for those servers. The problem is, there are a lot of ranges! The solution: create address
objects for each of the IP ranges. Add those address objects to a group called ‘Instant Messengers’,
and write a rule that denies all access to the Instant Messenger group. You’ll see later on that this
will result in a single firewall rule, instead of the six or more that would have been required without
groups.

The same concept of creating an IP address object or group also works for Users and Services.
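
The following Python sketch is an added illustration, not SonicWALL code or configuration. It models Examples 1 and 2 to show why rules that reference objects and groups stay correct when addresses change. All class names, addresses and the first-match evaluation order are assumptions made for the model; services and the work-hours schedule are left out.

```python
import ipaddress

class AddressObject:
    """Named host, subnet or range (illustrative model, not SonicOS code)."""
    def __init__(self, name, first, last=None):
        self.name = name
        self.set(first, last)

    def set(self, first, last=None):
        if last is None:  # single host or CIDR subnet
            net = ipaddress.ip_network(first, strict=False)
            self.first, self.last = net[0], net[-1]
        else:             # explicit first/last range
            self.first = ipaddress.ip_address(first)
            self.last = ipaddress.ip_address(last)
            if self.first > self.last:
                raise ValueError("range start is above range end")

    def contains(self, ip):
        return self.first <= ipaddress.ip_address(ip) <= self.last

class AddressGroup:
    """Named collection of address objects; matches if any member matches."""
    def __init__(self, name, members):
        self.name, self.members = name, list(members)

    def contains(self, ip):
        return any(m.contains(ip) for m in self.members)

def evaluate(rules, src, dst):
    """Return the action of the first matching rule; default is deny."""
    for action, src_obj, dst_obj in rules:
        if src_obj.contains(src) and dst_obj.contains(dst):
            return action
    return "deny"

# Constructed sample addresses (documentation ranges), not real IM servers.
ANY = AddressObject("Any", "0.0.0.0/0")
LAN = AddressObject("LAN Subnet", "10.0.0.0/24")
MAIL = AddressObject("Mail Server", "192.0.2.25")
IM = AddressGroup("Instant Messengers", [
    AddressObject("IM Range 1", "198.51.100.10", "198.51.100.40"),
    AddressObject("IM Range 2", "203.0.113.0/26"),
    AddressObject("IM Range 3", "203.0.113.128", "203.0.113.200"),
])
RULES = [("deny", LAN, IM),      # one rule covers every IM range
         ("allow", ANY, MAIL),   # mail in
         ("allow", MAIL, ANY),   # mail out
         ("allow", LAN, ANY)]
```

Calling MAIL.set("192.0.2.80") once moves both mail rules to the new address, and traffic to the old address then falls through to the default deny because no rule still holds the literal IP.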