User Guide
Page 82 SonicWALL Internet Security Appliance User’s Guide
3. Select the name of the service affected by the Rule from the Service list. If the
service is not listed, you must define the service in the Add Service window. The Default
service encompasses all IP services.
4. Select the source of the traffic affected by the rule, either LAN, WAN, DMZ, or *, from
the Source Ethernet menu.
If you want to define the source IP addresses that are affected by the rule, such as
restricting certain users from accessing the Internet, enter the starting IP address of
the address range in the Addr Range Begin field and the ending IP address in the
Addr Range End field. To include all IP addresses, enter * in the Addr Range Begin
field.
5. Select the destination of the traffic affected by the rule, either LAN, WAN, DMZ, or *,
from the Destination Ethernet menu.
If you want to define the destination IP addresses that are affected by the rule, for
example, to allow inbound Web access to several Web servers on your LAN, enter the
starting IP address of the address range in the Addr Range Begin field and the
ending IP address in the Addr Range End field. To include all IP addresses, enter *
in the Addr Range Begin field.
6. Select always from the Apply this rule menu if the rule is always in effect.
Select from in the Apply this rule menu to define the specific time and day of week to
enforce the rule. Enter the time of day (in 24-hour format) to begin and end enforcement.
Then select the day of week to begin and end enforcement.
Note: If you want to enable the rule at different times depending on the day of the
week, you have to make additional rules for each time period.
7. If you want the rule to time out after a period of inactivity, set the amount of
time, in minutes, in the Inactivity Timeout in Minutes field. The default value is 5
minutes.
8. Do not select the Allow Fragmented Packets check box. Large IP packets are often
divided into fragments before they are routed over the Internet and then reassembled
at a destination host. Because hackers exploit IP fragmentation in Denial of Service
attacks, the SonicWALL blocks fragmented packets by default. You can override the
default configuration to allow fragmented packets over PPTP or IPSec.
9. Click Update. Once the SonicWALL has been updated, the new rule appears in the list
of Current Network Access Rules.
Note: Although custom rules can be created that allow inbound IP traffic, the
SonicWALL does not disable protection from Denial of Service attacks, such as the SYN
Flood and Ping of Death attacks.
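
The source range, destination range and schedule fields from steps 4 to 6, modelled in Python to show how they combine and why differing hours per day need separate rules. This is an added example, not SonicWALL code or its rule engine. Assumptions: all names, Monday=0 day numbering, an exclusive end time, day ranges that may wrap the week, and the constructed sample addresses.

```python
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import IPv4Address

@dataclass
class Rule:
    action: str                   # "allow" or "deny"
    src_if: str                   # Source Ethernet: LAN, WAN, DMZ or *
    dst_if: str                   # Destination Ethernet: LAN, WAN, DMZ or *
    src_range: tuple = ("*", "")  # (Addr Range Begin, Addr Range End)
    dst_range: tuple = ("*", "")
    window: tuple = None          # None = always, else (start, end, first_day, last_day)

def in_range(addr, addr_range):
    begin, end = addr_range
    if begin == "*":              # * in Addr Range Begin includes all addresses
        return True
    # Compare numerically: as strings, "192.168.1.100" would sort before "192.168.1.99".
    return IPv4Address(begin) <= IPv4Address(addr) <= IPv4Address(end)

def in_window(window, when):
    if window is None:
        return True
    start, end, first_day, last_day = window   # days: Monday=0 .. Sunday=6
    day = when.weekday()
    if first_day <= last_day:
        day_ok = first_day <= day <= last_day
    else:                         # assumed: a range such as Fri..Mon wraps the week
        day_ok = day >= first_day or day <= last_day
    return day_ok and start <= when.time() < end

def matches(rule, src_if, src, dst_if, dst, when):
    return (rule.src_if in ("*", src_if) and rule.dst_if in ("*", dst_if)
            and in_range(src, rule.src_range) and in_range(dst, rule.dst_range)
            and in_window(rule.window, when))

# Constructed sample: keep 192.168.1.50-99 off the Internet during office hours.
# Weekday and Saturday hours differ, so each time period is its own rule.
STAFF = ("192.168.1.50", "192.168.1.99")
RULES = [
    Rule("deny", "LAN", "WAN", STAFF, window=(time(9), time(17), 0, 4)),
    Rule("deny", "LAN", "WAN", STAFF, window=(time(9), time(12), 5, 5)),
]

def denied(src, dst, when, rules=RULES):
    """True if any deny rule covers this LAN-to-WAN connection at this moment."""
    return any(r.action == "deny" and matches(r, "LAN", src, "WAN", dst, when)
               for r in rules)
```

Running a planned rule set through a model like this before entering it helps catch an address range or schedule that covers more, or less, than intended.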
integrated_manual.book Page 82 Friday, October 12, 2001 2:56 PM










