How to Configure Botnet Filtering with Firewall Access Rules
Description
This article covers how to use SonicWall Botnet security service with access rule. This article will demonstrate how to create a firewall access rule for a mail server so that the mail server will be protected from going to a Botnet command and control website while the rest of the network traffic will be passed without being scanned by the Botnet security service.
NOTE: When implementing Botnet Security to website(s) make sure to evaluate all depending business applications; blocking access to a Botnet listed website(s) may impact dependent applications/process.
Resolution for SonicOS 7.X
This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.
Step 1: Create an Address Object for the Mail Server.
- Click OBJECT in the top navigation menu
- Navigate to Match Objects | Addresses
- Click on Add
- Enter the Mail Server IP address
- Click on Save
Step 2: Click POLICY in the top navigation menu
- Navigate to Security Services | Botnet filter
- Enable Block connections to/from Botnet Command and Control Servers based on Firewall Rule-based Connections and Enable Logging
- Click on ACCEPT to Save
Step 3: Create an Access Rule that we want to apply the Botnet Filter service to.
- Click POLICY in the top navigation menu
- Navigate to Rules and Policies | Access Rules
- Click on Add
- In our example we will create an access rule from the LAN>WAN to enable Botnet Filtering from the Mail Server.
- On Access rule navigate to Security Profiles, Enable BOTNET / CC
- Click on Add
Any traffic going to the Internet from the Mail Server will be scanned via the Botnet Filter Security Service, all other network traffic will not be scanned.
Resolution for SonicOS 6.5
This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.
Step 1: Create an Address Object for the Mail Server.
- Click Manage in the top navigation menu
- Navigate to Objects | Address Objects
- Click on Add
- Enter the Mail Server IP address
- Click on OK to Save
Step 2: .
- Click Manage in the top navigation menu
- Navigate to Security Services | Botnet filter
- Enable Botnet Filter Blocking based on the Firewall Access Rules and Enable Logging
- Click on ACCEPT to Save
Step 3: Create an Access Rule that we want to apply the Botnet Filter service to.
- Click Manage in the top navigation menu
- Navigate to Rules | Access Rules
- Click on Add
- In our example we will create an access rule from the LAN>WAN to enable Botnet Filtering from the Mail Server.
- Enable Botnet filter
- Click on OK to Save
Any traffic going to the Internet from the Mail Server will be scanned via the Botnet Filter Security Service, all other network traffic will not be scanned.
Resolution for SonicOS 6.2 and Below
The below resolution is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer we suggest to upgrade to the latest general release of SonicOS 6.5 firmware.
Step 1: Create an Address Object for the Mail Server.
Step 2: Enable Botnet Filter Blocking based on the Firewall Access Rules and Enable Logging.
Step 3: Create an Access Rule that we want to apply the Botnet Filter service to. Enable the Botnet Filtering Checkbox on the Access Rule.
In our example we will create an access rule from the LAN>WAN to enable Botnet Filtering from the Mail Server.
Any traffic going to the Internet from the Mail Server will be scanned via the Botnet Filter Security Service, all other network traffic will not be scanned.
