SonicOS 7 Match Objects
- SonicOS 7
- Zones
- How Zones Work
- Predefined Zones
- Security Types
- Allow Interface Trust
- Enabling SonicWall Security Services on Zones
- Effect of Wireless and Non-Wireless Controller Modes
- Match Objects > Zones
- The Zone Settings Table
- Adding a New Zone
- Configuring a Zone for Guest Access
- Configuring a Zone for Open Authentication and Social Login
- Configuring a Zone for Captive Portal Authentication with RADIUS
- Configuring a Zone for Customized Policy Message
- Configuring a Zone for Customized Login Page
- Configuring the WLAN Zone
- Configuring the RADIUS Server
- Configuring DPI-SSL Granular Control per Zone
- Enabling Automatic Redirection to the User-Policy Page
- Deleting a Zone
- Addresses
- Types of Address Objects
- About Address Groups
- About UUIDs for Address Objects and Groups
- Addresses Page
- Default Address Objects and Groups
- Default Pref64 Address Object
- Default Rogue Address Groups
- Adding an Address Object
- Editing Address Objects
- Deleting Custom Address Objects
- Purging MAC or FQDN Address Objects
- Creating Address Groups
- Editing Address Groups
- Deleting Address Groups
- Working with Dynamic Address Objects
- Services
- About Default Service Objects and Groups
- Predefined IP Protocols for Custom Service Objects
- Adding Service Objects using Predefined Protocols
- Adding Custom IP Type Services
- Editing Custom Service Objects
- Deleting Custom Service Objects
- Adding Custom Service Groups
- Editing Custom Service Groups
- Deleting Custom Service Groups
- URI Lists
- Match Objects
- Schedules
- Dynamic Group
- Email Addresses
- SonicWall Support
Enforcing the Use of Sanctioned Servers on the Network
Although not a requirement, it is recommended to enforce the use of authorized or sanctioned servers on the network. This practice can help to reduce illicit network activity, and will also serve to ensure the reliability of the FQDN wildcard resolution process. In general, it is good practice to define the endpoints of known protocol communications when possible. For example:
- Create address groups of sanctioned servers (for example, SMTP, DNS)
-
Create access rules in the relevant zones allowing only authorized SMTP servers on your network to communicate outbound SMTP; block all other outbound SMTP traffic to prevent intentional or unintentional outbound spamming.
-
Create access rules in the relevant zones allowing authorized DNS servers on your network to communicate with all destination hosts using DNS protocols (TCP/UDP 53).
Be sure to have this rule in place if you have DNS servers on your network, and you will be configuring the restrictive DNS rule that follows.
-
Create access rules in the relevant zones allowing firewalled hosts to only communicate via DNS (TCP/UDP 53) with sanctioned DNS servers; block all other DNS access to prevent communications with unauthorized DNS servers.
-
Unsanctioned access attempts will then be viewable in the logs.
Was This Article Helpful?
Help us to improve our support portal