SonicOS 7 Match Objects
- SonicOS 7
- Zones
- How Zones Work
- Predefined Zones
- Security Types
- Allow Interface Trust
- Enabling SonicWall Security Services on Zones
- Effect of Wireless and Non-Wireless Controller Modes
- Match Objects > Zones
- The Zone Settings Table
- Adding a New Zone
- Configuring a Zone for Guest Access
- Configuring a Zone for Open Authentication and Social Login
- Configuring a Zone for Captive Portal Authentication with RADIUS
- Configuring a Zone for Customized Policy Message
- Configuring a Zone for Customized Login Page
- Configuring the WLAN Zone
- Configuring the RADIUS Server
- Configuring DPI-SSL Granular Control per Zone
- Enabling Automatic Redirection to the User-Policy Page
- Deleting a Zone
- Addresses
- Types of Address Objects
- About Address Groups
- About UUIDs for Address Objects and Groups
- Addresses Page
- Default Address Objects and Groups
- Default Pref64 Address Object
- Default Rogue Address Groups
- Adding an Address Object
- Editing Address Objects
- Deleting Custom Address Objects
- Purging MAC or FQDN Address Objects
- Creating Address Groups
- Editing Address Groups
- Deleting Address Groups
- Working with Dynamic Address Objects
- Services
- About Default Service Objects and Groups
- Predefined IP Protocols for Custom Service Objects
- Adding Service Objects using Predefined Protocols
- Adding Custom IP Type Services
- Editing Custom Service Objects
- Deleting Custom Service Objects
- Adding Custom Service Groups
- Editing Custom Service Groups
- Deleting Custom Service Groups
- URI Lists
- Match Objects
- Schedules
- Dynamic Group
- Email Addresses
- SonicWall Support
Configuration Example
Assume an administrator needs to allow RSVP (Resource Reservation Protocol - IP Type 46) and SRP (Spectralink™ Radio Protocol – IP type 119) from all clients on the WLAN zone (WLAN Subnets) to a server on the LAN zone (for example, 10.50.165.26). You can define custom IP type service objects to handle these two services.
To define a custom IP type service and related configuration:
- Navigate to Object > Match Objects > Services > Service Objects page.
-
Click the Add button. The Service Objects dialog displays.
-
Enter a descriptive name for the service object in the Name field.
-
Select Custom IP type from the Protocol drop-down menu.
-
In the field to the right of the Protocol drop-down list, type in the protocol number for the Custom IP Type.
The Port Range and Sub Type fields are not definable or applicable to a Custom IP Type.
Attempts to define a custom protocol type service object for a predefined IP type is not permitted and results in an error message.
- Click Save.
- Repeat Step 3 through Step 6 for each custom service to be defined.
- Navigate to Object > Match Objects > Services > Service Groups page.
-
Click the Add button. The Service Groups dialog displays.
- Enter a descriptive name for the service group in the Name field, such as myServices.
-
Select the custom service objects you just created from the list on the left, and then click the Right Arrow button to move them into the list on the right.
Press Ctrl or Shift to select multiple service objects, and then click the Right Arrow button to move them all at one time.
- Click Save.
- Navigate to Object > Match Objects > Services > Service Objects page.
- Click the Add button. The Service Objects dialog displays.
- Create an address object for the host that the WLAN Subnets can access using myServices.
-
Select the custom service objects you just created from the list on the left, and then click the Right Arrow button to move them into the list on the right.
Press Ctrl or Shift to select multiple service objects, and then click the Right Arrow button to move them all at one time.
- Click Save.
- Navigate to Policy > Rules and Policies > Access Rules page to create a WLAN > LAN rule.
-
Define an access rule allowing myServices from WLAN Subnets to the 10.50.165.26 address object.
It may be necessary to create an access rule for bidirectional traffic; for example, an additional access rule from the LAN > WLAN allowing myServices from 10.50.165.26 to WLAN Subnets.
-
Click Save.
IP protocol 46 and 119 traffic will now be recognized and allowed to pass from WLAN Subnets to the host at 10.50.165.26.
Was This Article Helpful?
Help us to improve our support portal