SonicOS 7.0 Objects
- SonicOS 7.0
- Match Objects
- Zones
- How Zones Work
- Default Zones
- Security Types
- Allow Interface Trust
- Effect of Wireless Controller Modes
- Zones Overview
- The Zones Page
- Adding a New Zone
- Adding a New Zone in Policy Mode
- Adding a New Zone in Classic Mode
- Configuring a Zone for Guest Access
- Configuring a Zone for Open Authentication and Social Login
- Configuring the WLAN Zone
- Configuring the RADIUS Server
- Configuring DPI-SSL Granular Control per Zone
- Enabling Automatic Redirection to the User-Policy Page
- Cloning a Zone
- Editing a Zone
- Deleting Custom Zones
- Addresses
- Addresses Page
- About UUIDs for Address Objects and Groups
- Working with Dynamic Address Objects
- Services
- URI Lists
- Schedules
- Dynamic Group
- Email Addresses
- Match Objects
- Countries
- Applications
- Web Categories
- Websites
- Match Patterns
- Custom Match
- Profile Objects
- Endpoint Security
- Bandwidth
- QoS Marking
- Content Filter
- DHCP Option
- Block Page
- Anti-Spyware
- Gateway Anti-Virus
- Log and Alerts
- Intrusion Prevention
- AWS
- Action Profiles
- Security Action Profile
- DoS Action Profile
- Action Objects
- App Rule Actions
- Content Filter Actions
- Object Viewer
- SonicWall Support
Enforcing the Use of Sanctioned Servers on the Network
Although not a requirement, it is recommended to enforce the use of authorized or sanctioned servers on the network. This practice can help to reduce illicit network activity, and also serve to ensure the reliability of the FQDN wildcard resolution process. In general, it is good practice to define the endpoints of known protocol communications when possible. For example:
- Create address groups of sanctioned servers (for example, SMTP, DNS)
- Create access rules in the relevant zones allowing only authorized SMTP servers on your network to communicate outbound SMTP; block all other outbound SMTP traffic to prevent intentional or unintentional outbound spamming.
-
Create access rules in the relevant zones allowing authorized DNS servers on your network to communicate with all destination hosts using DNS protocols (TCP/UDP 53).
Be sure to have this rule in place if you have DNS servers on your network, and you will be configuring the restrictive DNS rule that follows.
- Create access rules in the relevant zones allowing firewalled hosts to only communicate via DNS (TCP/UDP 53) with sanctioned DNS servers; block all other DNS access to prevent communications with unauthorized DNS servers.
- Unsanctioned access attempts will then be viewable in the logs.
Was This Article Helpful?
Help us to improve our support portal