• SonicOS 7.0 Rules and Policies
• Access Rules
  • Setting Firewall Access Rules
    • About Connection Limiting
    • Using Bandwidth Management with Access Rules
      • Enabling Bandwidth Management on an Access Rule
    • Creating Access Rules
    • Configuring Access Rules for IPv6
      • About Stateful Packet Inspection Default Access Rules
    • Enabling and Disabling Access Rules
    • Editing Access Rules
    • Deleting Access Rules
    • Restoring Access Rules to Default Settings
    • Displaying Access Rules
      • By Zones
      • By Column
    • Displaying Access Rule Traffic Statistics
    • Configuring Access Rules for NAT64
    • Configuring Access Rules for a Zone
    • Access Rules for DNS Proxy
    • User Priority for Access Rules
  • Access Rule Configuration Examples
    • Enabling Ping
    • Blocking LAN Access for Specific Services
    • Allowing WAN Primary IP Access from the LAN Zone
• NAT Rules
  • About NAT in SonicOS
  • About NAT Load Balancing
    • Determining the NAT LB Method to Use
    • Caveats
    • How Load Balancing Algorithms are Applied
    • Sticky IP Algorithm Examples
      • Example One - Mapping to a Network
      • Example Two - Mapping to an IP Address Range
  • About NAT64
    • Use of Pref64::/n
  • About FQDN-based NAT
  • About Source MAC Address Override
  • Viewing NAT Policy Entries
    • Changing the Display
    • Filtering the Display
    • Displaying Information about Policies
  • Adding or Editing NAT or NAT64 Rule Policies
  • Deleting NAT Policies
  • Creating NAT Rule Policies: Examples
    • Creating a One-to-One NAT Policy for Inbound Traffic
    • Creating a One-to-One NAT Policy for Outbound Traffic
    • Inbound Port Address Translation via One-to-One NAT Policy
    • Inbound Port Address Translation via WAN IP Address
    • Creating a Many-to-One NAT Policy
    • Creating a Many-to-Many NAT Policy
    • Creating a One-to-Many NAT Load Balancing Policy
    • Creating a NAT Load Balancing Policy for Two Web Servers
    • Creating a WAN-to-WAN Access Rule for a NAT64 Policy
    • DNS Doctoring
• Routing
  • About Routing
    • About Metrics and Administrative Distance
      • About Metrics
      • About Administrative Distance
    • Route Advertisement
    • ECMP Routing
    • Policy-based Routing
    • Policy-based TOS Routing
    • PBR Metric-based Priority
    • Policy-based Routing and IPv6
    • OSPF and RIP Advanced Routing Services
      • About Routing Services
        • Protocol Type
        • Maximum Hops
        • Split-Horizon
        • Poison Reverse
        • Routing Table Updates
        • Subnet Sizes Supported
        • Autonomous System Topologies
      • OSPF Terms
    • Drop Tunnel Interface
    • App-based Routing
  • Rules and Policies >
    • Configuring
      • Adding Static Routes
      • Probe-Enabled Policy-based Routing Configuration
• Content Filter Rules
  • About Content Filtering Rules (CFS)
    • About Content Filter Rules
    • About UUIDs for CFS Policies
    • About Content Filter Action Objects
    • How CFS Works
  • Configuring CFS Policies
    • About the Content Filter Rule Table
      • Searching the Content Filter Rule Table
    • Adding a Content Filter Rule
    • Editing a Content Filter Rule
    • Deleting Content Filter Rules
• App Rules
  • About App Rules
    • What are App Rules?
      • About App Rules Policies
      • About App Rules Capabilities
    • Benefits of App Rules
    • How Does Application Control Work?
    • About App Rules Policy Creation
    • Licensing App Rules and App Control
    • Terminology
  • Rules and Policies > App Rules
    • Configuring an App Rules Policy
  • Verifying App Rules Configuration
    • Useful Tools
      • Wireshark
      • Hex Editor
  • App Rules Use Cases
    • Creating a Regular Expression in a Match Object
    • Policy-based Application Rules
    • Logging Application Signature-based Policies
    • Compliance Enforcement
    • Server Protection
    • Hosted Email Environments
    • Email Control
    • Web Browser Control
    • HTTP Post Control
    • Forbidden File Type Control
    • ActiveX Control
    • FTP Control
      • Blocking Outbound Proprietary Files Over FTP
      • Blocking Outbound UTF-8 / UTF-16 Encoded Files
      • Blocking FTP Commands
    • Bandwidth Management
    • Bypass DPI
    • Custom Signature
    • Reverse Shell Exploit Prevention
      • Generating the Network Activity
      • Capturing and Exporting the Payload to a Text File Using Wireshark
      • Creating a Match Object
      • Defining the Policy
• Endpoint Rules
• SonicWall Support
  • About This Document

Configuring an App Rules Policy

When you have created the necessary match object and action object, you are ready to create a policy that uses them.

For information about using the App Control Wizard to create a policy, see Using the App Rule Wizard.

For information about policies and policy types, see About App Rules Policy Creation.

Policies configured through the POLICY | Rules and Policies > App Control page take precedence over those configured through the POLICY | Rules and Policies > App Rules page.

To configure an App Rules policy

1. Navigate to the POLICY | Rules and Policies > App Rules page.

   

2. At the top of the page, click +Add. The Add App Rule dialog displays.

   

3. Enter a descriptive name into the Policy Name field.

4. Select a Policy Type from the drop-down menu. Your selection here affects options available in the dialog. For information about available policy types, see About App Rules Policy Creation.

5. Select an Address Source and Address Destination from the drop-down menus. Only a single Address field is available for IPS Content, App Control Content, or CFS policy types.

6. Select a Service Source and Service Destination from the drop-down menus. Some policy types do not provide a choice of service.

7. For Exclusion Address and Exclusion Service, optionally select an address group and service from the drop-down menus. This address is not affected by the policy.

8. For Match Object Included and Match Objects Excluded, select a appropriate match objects from the drop-down menus containing the defined match objects applicable to the policy type.

   The excluded match object provides the ability to differentiate subdomains in the policy. For example, if you wanted to allow news.yahoo.com, but block all other yahoo.com sites, you would create match objects for both yahoo.com and news.yahoo.com. You would then create a policy blocking Match Object yahoo.com and set Match Objects Excluded to news.yahoo.com.

   The Match Objects Excluded does not take effect when the match object type is set to Custom Object. Custom Objects cannot be selected as the Match Objects Excluded.

9. For Action Object, select an action from the drop-down menu containing actions applicable to the policy type. The available objects include predefined actions plus any customized actions which are applicable. The default for all policy types is Reset/Drop.

   For a log-only policy, select No Action.

10. For Users/Groups, select from the drop-down menus for both Included and Excluded. The selected users or group under Excluded are not affected by the policy.

11. If the policy type is SMTP Client, select from the drop-down menus for MAIL FROM and RCPT TO, for both Included and Excluded. The selected users or group under Excluded are not affected by the policy.

12. For Schedule, select from the drop-down menu, which contains a variety of schedules for the policy to be in effect.

    Specifying a schedule other than the default, Always On, turns on the rule only during the scheduled time. For example, specifying Work Hours for a policy to block access to non-business sites allows access to non-business sites during non-business hours.

13. If you want the policy to create a log entry when a match is found, select Enable Logging.

14. To record more details in the log, select Log individual object content.

15. If the policy type is IPS Content, select Log using IPS message format to display the category in the log entry as Intrusion Prevention rather than Application Control, and to use a prefix such as IPS Detection Alert in the log message rather than Application Control Alert. This is useful if you want to use log filters to search for IPS alerts.

16. If the policy type is App Control Content, select Log using App Control message format to display the category in the log entry as Application Control, and to use a prefix such as Application Control Detection Alert in the log message. This is useful if you want to use log filters to search for application control alerts.

17. For Log Redundancy Filter, you can either select Global Settings to use the global value set on the POLICY | Rules and Policies > App Control page, or you can enter a number of seconds to delay between each log entry for this policy. The local setting overrides the global setting only for this policy; other policies are not affected.

18. For Connection Side, select from the drop-down menu. The available choices depend on the policy type and can include Client Side, Server Side, or Both, referring to the side where the traffic originates. IPS Content or App Control Content policy types do not provide this configuration option.

19. For Direction, click either Basic or Advanced and select a direction from the drop-down menu. Basic allows you to select incoming, outgoing, or both. Advanced allows you to select between zones, such as LAN to WAN. IPS Content or App Control Content policy types do not provide this configuration option.

20. If the policy type is IPS Content or App Control Content, select a zone from the Zone drop-down menu. The policy will be applied to this zone.

21. Click OK.