SonicOS 7.0 Objects

Table of Contents

Adding a New Zone in Classic Mode

To add a new zone

  1. Navigate to OBJECT | Match Objects > Zones.

  2. Click the Add Zone icon.

    The Zone Settings page enables the below listed options by the default on the General tab, but these comes into effect only when Allow Interface Trust is enabled.

    • Auto-generate Access Rules to allow traffic between zones of the same trust level
    • Auto-generate Access Rules to allow traffic to zones with lower trust level
    • Auto-generate Access Rules to allow traffic from zones with higher trust level
    • Auto-generate Access Rules to deny traffic from zones with lower trust level

  3. Type a Name for the new zone.

  4. Select the Security Type.

    Trusted To create a zone with the highest level of trust, such as internal LAN segments.
    Public To create a zone with a lower level of trust requirements, such as a DMZ interface.
    Wireless To create a zone for WLAN interface.
    SSLVPN

    To create a zone for interfaces on which Content Filtering, Client AV enforcement, and Client CF services are enabled.

    Enable SSLVPN Access and Create Group VPN options are not available for SSLVPN Security Type.

  5. Enable Allow Interface Trust to allow intra-zone communications.

    An Access Rule allowing traffic to flow between the interfaces of a Zone instance is created automatically.

  6. Set the toggle keys to generate access rules automatically as required.

     

    Toggle key To allow traffic between Example
    Auto-generate Access Rules to allow traffic between zones of the same trust level This zone and other zones of equal trust CUSTOM_LAN > CUSTOM _LAN or CUSTOM_LAN > LAN
    Auto-generate Access Rules to allow traffic to zones with lower trust level. This zone and other zones of lower trust CUSTOM_LAN > WAN or CUSTOM_LAN > DMZ
    Auto-generate Access Rules to allow traffic from zones with higher trust level. This zone and other zones of higher trust LAN > CUSTOM_DMZ or CUSTOM_LAN > CUSTOM_DMZ
    Auto-generate Access Rules to deny traffic from zones with lower trust level This zone and zones of lower trust WAN > CUSTOM_LAN or DMZ > CUSTOM_LAN

  7. Set the toggle keys for security services as required.

    Toggle key Security Service
    Enable SSLVPN Access

    To enable SSL VPN secure remote access on the zone.
    Enable SSL Control

    To enable SSL Control on the zone. All new SSL connections initiated from the zone are now subject to inspection.

    Make sure that the SSL Control is enabled globally on NETWORK | Firewall > SSL Control page.
    Create Group VPN

    To create a SonicWall Group VPN Policy for this zone automatically.

    You can view and customize the Group VPN Policy in NETWORK | SSLVPN > Server Settings page.

     

      • Enable SSLVPN Access option is not available if SSLVPN is selected as Security Type.
      • The Create Group VPN option is available until SSLVPN is selected as Security Type. If the Security Type is changed to any other type, the Create Group VPN option becomes available.

    Disabling Create Group VPN removes any corresponding Group VPN policy.

    Disabling Group VPN for WAN or WLAN VPN policies, deletes all VPN policies. Re-enabling the Create Group VPN option automatically creates a new, enabled VPN policy. Disabling VPN policies globally does not delete auto-rules. If you do not want VPN policies at all, globally disable VPN, and delete all policies that correlate with VPN.

    WAN or WLAN Group VPN policies are disabled by the default when the firewall is booted with the factory default.

    For more information about connectivity options, refer to the SonicOS Connectivity.
    Enable Gateway Anti-Virus Service

    To enforce gateway anti-virus protection on your Security Appliance for all clients connecting to this zone.

    SonicWall Gateway Anti-Virus manages the anti-virus service on the Security Appliance.
    Enable IPS

    To enforce intrusion detection and prevention on multiple interfaces in the same Trusted, Public, or WLAN zones.
    Enable Anti-Spyware Service To enforce anti-spyware detection and prevention on multiple interfaces in the same Trusted or Public security type for WLAN zones.
    Enable App Control Service

    To enforce application control policy services on multiple interfaces in the same Trusted or Public security type for WLAN zones.

    For more information about App Control, refer to SonicOS 7.0 Rules and Policies Administration Guide for Classic Mode.
    Enable SSL Client Inspection To enable granular DPI-SSL on a per-zone basis rather than globally for DPI-SSL clients.
    Enable SSL Server Inspection To enable granular DPI-SSL on a per-zone basis rather than globally for DPI-SSL servers.

  8. Click Save.

    The new zone is now added to the Security Appliance.