SonicOS 7.1 Objects

Table of Contents

Negative Matching

Negative matching provides an alternate way to specify which content to block. You can enable negative matching in a match object when you want to block everything except a particular type of content. When you use the object in a rule, the rule executes actions based on absence of the content specified in the match object. Multiple list entries in a negative matching object are matched using the logical AND, meaning that the rule action is executed only when all specified negative matching entries are matched.

Although all App Rules are DENY policies, you can simulate an ALLOW policy by using negative matching. For instance, you can allow email .txt attachments and block attachments of all other file types or you can allow a few types, and block all others.

Negative matching option is not available for all type of match object types. You can find the Enable Negative Matching option for eligible match object types on the Match Object Settings dialog box.