• SonicOS 7.1 Action Objects
• About SonicOS
  • Working with SonicOS
  • SonicOS Workflow
  • How to Use the SonicOS Administration Guides
  • Guide Conventions
  • Common Actions with Objects Table
  • Advanced Filter
• Match Objects
• Zones
  • How Zones Work
  • Default Zones
  • Security Types
  • Allow Interface Trust
  • Effect of Wireless Controller Modes
    • Effects of Enabling Non-Wireless Controller Mode
    • Effects of Enabling Wireless Controller Mode
  • Zones Overview
    • The Zones Page
      • Interpreting the Zones Table
    • Adding a New Zone
      • Adding a New Zone in Policy Mode
      • Adding a New Zone in Classic Mode
      • Configuring a Zone for Guest Access
      • Configuring a Zone for Open Authentication and Social Login
        • Configuring a Zone for Captive Portal Authentication with RADIUS
        • Configuring a Zone for Customized Policy Message
        • Configuring a Zone for Customized Login Page
      • Configuring the WLAN Zone
      • Configuring the RADIUS Server
      • Configuring DPI-SSL Granular Control per Zone
      • Enabling Automatic Redirection to the User-Policy Page
    • Cloning a Zone
    • Editing a Zone
    • Deleting Custom Zones
• Addresses
  • Addresses Page
    • Default Address Objects and Groups
      • Default Pref64 Address Object
      • Default Rogue Address Groups
    • Address Objects
      • Types of Address Objects
      • Adding Address Objects
      • Editing Address Objects
      • Deleting Custom Address Objects
      • Purging MAC or FQDN Address Objects
      • Resolving Address Objects
    • Address Groups
      • Adding Address Groups
      • Editing Address Groups
      • Deleting Custom Address Groups
      • Purging or Resolving All Address Groups
    • Cloning Address Objects or Groups
  • About UUIDs for Address Objects and Groups
  • Working with Dynamic Address Objects
    • Key Features of Dynamic Address Objects
    • Enforcing the Use of Sanctioned Servers on the Network
    • Using MAC and FQDN Dynamic Address Objects
      • Blocking All Protocol Access to a Domain using FQDN DAOs
      • Using an Internal DNS Server for FQDN-based Access Rules or Security Policies
      • Controlling a Dynamic Host’s Network Access by MAC Address
      • Bandwidth Managing Access to Entire Domain
• Services
  • Default Service Objects and Groups
  • Default IP Protocols for Custom Service Objects
  • Service Objects
    • Adding Service Objects using Default Protocols
    • Adding Service Objects using Custom Protocols
    • Editing Service Objects
    • Deleting Custom Service Objects
  • Service Groups
    • Adding Custom Service Groups
    • Editing Service Groups
    • Deleting Custom Service Groups
  • Adding Custom IP Protocol Services
    • Configuration Example
• URI Lists
  • About URIs and the URI List
  • About Keywords and the Keyword List
  • Matching URI List Objects
    • Normal Matching
    • Wildcard Matching
    • IPv6 Address Matching
    • IPv6 Wildcard Matching
  • Using URI List Objects
  • About URI List Groups
  • Managing URI List Objects
    • About the URI List Objects Table
    • Adding URI List Objects
      • Adding URIs
      • Importing URIs
      • Adding Keywords
      • Importing Keywords
    • Exporting URI List Objects
    • Editing URI List Objects
    • Deleting URI List Objects
  • Managing URI List Groups
    • About the URI List Groups Table
    • Adding URI List Groups
    • Editing a URI List Group
    • Deleting URI List Groups
  • Applying URI List Object or Group
• Schedules
  • Default Schedules
  • Adding Custom Schedules
  • Editing Schedules
  • Deleting Custom Schedules
  • Applying Schedules
• Dynamic Group
  • About Dynamic External Address Group File
  • DEAG and DEAO Maximums
  • High Availability Requirements
  • Adding Dynamic External Objects
  • Editing Dynamic External Objects
  • Deleting Dynamic External Objects
  • Applying Dynamic External Objects
• Email Addresses
  • Adding Email Address Objects
  • Editing Email Address Objects
  • Deleting Email Address Objects
  • Applying Email Addresses Objects
• Match Objects
  • Match Objects
    • Input representation
    • Supported Match Object Types
    • Regular Expressions
      • Regular Expression Syntax
    • Negative Matching
    • Adding Match Objects
    • Editing Match Objects
  • Application Objects
    • Adding Application Objects
    • Editing Application Objects
    • Adding Category Objects
    • Editing Category Objects
  • Deleting Match Objects or Application Objects
  • Applying Match Objects and Application Objects
• Countries
  • Country Objects
  • Country Groups
    • Adding Country Groups
    • Editing Country Groups
    • Deleting Custom Country Groups
  • Applying Country Groups
• Applications
  • Application Objects
  • Application Groups
    • Adding Application Groups
    • Editing Application Groups
    • Deleting Application Groups
  • Applying Application Groups
• Web Categories
  • Web Category Objects
  • Web Category Groups
    • Adding Web Category Groups
    • Editing Web Category Groups
    • Deleting Web Category Groups
  • Applying Web Category Groups
• Websites
  • Website Objects
    • Adding Website Objects
    • Editing Website Objects
  • Website Groups
    • Adding Website Groups
    • Editing Website Groups
  • Deleting Website Objects or Groups
  • Applying Website Groups
• Match Patterns
  • About Match Patterns
    • Regular Expressions
    • Negative Matching
  • Adding Match Patterns
  • Editing Match Patterns
  • Deleting Match Patterns
  • Applying Match Patterns
• Custom Match
  • Custom Match Objects
  • Custom Match Groups
  • Editing Custom Objects or Groups
  • Deleting Custom Objects or Groups
  • Applying Custom Match Groups
• Profile Objects
• Endpoint Security
  • Prerequisites
  • Adding Endpoint Security Profiles
  • Editing Endpoint Security Profiles
  • Deleting Endpoint Security Profiles
  • Applying Endpoint Security Profiles
• Bandwidth
  • Configuring Bandwidth Profile Objects
    • Defining Bandwidth Profile Object Settings
      • General Settings of Bandwidth Profile Object
      • Elemental Settings of Bandwidth Profile Object
    • Enabling BWM on an Interface
  • Editing Bandwidth Profile Objects
  • Deleting Bandwidth Profile Objects
  • Applying Bandwidth Profile Objects
• QoS Marking
  • Classification
  • Marking
  • Conditioning
    • Site to Site VPN over QoS Capable Networks
    • Site to Site VPN over Public Networks
  • 802.1p and DSCP QoS
    • 802.1p Marking
    • DSCP Marking
      • DSCP Marking and Mixed VPN Traffic
      • Configure for 802.1p CoS 4 – Controlled Load
  • Mapping of QoS Tags
  • Configuring QoS Marking
  • Applying QoS Marking
    • QoS Marking Actions
    • Bi-directional DSCP Tag Action
      • Remote Site 1: Sample Access Rule or Security Rule Configuration
      • Main Site: Sample Access Rule or Security Rule Configurations
• Content Filter
  • About CFS Profile Objects
    • About UUIDs for CFS Profile Objects
  • Adding CFS Profile Objects
    • Advanced Screen
    • Consent
    • Custom Header Screen
  • Editing CFS Profile Objects
  • Deleting CFS Profile Objects
  • Applying Content Filter Profile Objects
• DHCP Option
  • Prerequisites
  • Adding DHCP Option Objects
    • RFC-Defined DHCPV4 Option Numbers
    • RFC-Defined DHCPV6 Option Numbers
  • Editing DHCP Option Objects
  • Deleting DHCP Option Objects
  • Applying DHCP Option Objects
• DNS Filtering
  • Prerequisites
  • Adding DNS Filtering Profile Objects
  • Editing DNS Filtering Profile Objects
  • Deleting DNS Filtering Profile Objects
  • Applying DNS Filtering Profile Objects
• Block Page
  • Adding Custom Block Pages
  • Cloning Block Page
  • Editing Block Pages
  • Deleting Block Pages
  • Applying Block Pages
• Anti-Spyware
  • Viewing Anti-Spyware Objects
  • Enabling or Disabling Anti-Spyware Objects
  • Adding Anti-Spyware Profiles
  • Editing Anti-Spyware Profiles
  • Cloning Anti-Spyware Profiles
  • Deleting Anti-Spyware Profiles
  • Applying Anti-Spyware Profiles
• Gateway Anti-Virus
  • Viewing Gateway Anti-Virus Objects
  • Enabling or Disabling Gateway Anti-Virus Objects
  • Adding Gateway Anti-Virus Profiles
  • Cloning Gateway Anti-Virus Profiles
  • Editing Gateway Anti-Virus Profiles
  • Deleting Gateway Anti-Virus Profiles
  • Applying Gateway Anti-Virus Profiles
• Log and Alerts
  • Adding Log and Alerts Profiles
  • Editing Log and Alert Profiles
  • Deleting Log and Alert Profiles
  • Applying Log Alerts Profiles
• Intrusion Prevention
  • Viewing Intrusion Prevention Objects
  • Enabling or Disabling Intrusion Prevention Objects
  • Adding Intrusion Prevention Profiles
  • Editing Intrusion Prevention Profiles
  • Cloning Intrusion Prevention Profiles
  • Deleting Intrusion Prevention Profiles
  • Applying Intrusion Prevention Profiles
• AWS
  • AWS Objects
    • About Address Object Mapping with AWS
      • Tagging an EC2 Instance on AWS
    • Viewing Instance Properties in SonicOS
    • Creating a New Address Object Mapping
    • Enable Mapping
    • Configuring Synchronization
    • Configuring Regions to Monitor
    • Verifying AWS Address Objects and Groups
• Action Profiles
• Security Action Profile
  • Security Actions
  • Adding Security Action Profiles
    • Bandwidth/QoS
      • Bandwidth
      • Configuring a Bandwidth/QoS Security Action Profile
    • Anti-Virus
    • Intrusion Prevention
    • Anti-Spyware
    • Botnet Filter
    • Content Filter
      • General
      • Passphrase
      • Confirm
      • Consent
      • Custom Header
    • Block Page and Logging
    • Miscellaneous
  • Editing Security Action Profiles
  • Cloning Security Action Profiles
  • Deleting Security Action Profiles
  • Applying Security Action Profiles
• DoS Action Profile
  • DoS Actions
  • Adding DoS Action Profiles
    • Flood Protection
      • Layer 3 SYN Flood Protection - SYN Proxy
      • Layer 2 SYN/RST/FIN Flood Protection
      • UDP Flood Protection
      • ICMP Flood Protection
    • DDoS Protection
    • Attack Protection
    • Connection Limiting
  • Editing DoS Action Profiles
  • Cloning DoS Action Profiles
  • Deleting DoS Action Profiles
  • Applying DoS Action Profiles
• Action Objects
• App Rule Actions
  • Action Objects
    • Default Action Objects
    • Action Types for Custom Action Objects
  • Actions Using Bandwidth Management
    • Bandwidth Management Methods
    • Viewing Bandwidth Management Information on App Rule Actions
  • Adding Action Objects
    • Configuring Bandwidth App Rule Action Objects
  • Editing Action Objects
  • Deleting Action Objects
  • Applying App Rule Actions
    • Related Tasks for Actions Using Packet Monitoring
      • Capturing Packets Related to a Policy
      • Configuring Mirroring
• Content Filter Actions
  • Content Filter Objects
    • CFS Action Objects
    • About Passphrase Feature
    • About Confirm Feature
    • UUIDs for CFS Objects
  • Managing CFS Action Objects
    • About the CFS Action Objects Table
    • Adding CFS Action Objects
      • Block
      • Passphrase
      • Confirm
      • BWM
    • Editing CFS Action Objects
    • Deleting CFS Action Objects
  • Applying Content Filter Objects
• Object viewer
• SonicWall Support
  • About This Document

Intrusion Prevention

Intrusion Prevention Profiles are available only in Policy Mode.

Intrusion Prevention Service (IPS) delivers a configurable, high performance Deep Packet Inspection (DPI) engine for extended protection of key network services such as Web, E-mail, file transfer, Windows services, and DNS. SonicWall IPS is designed to protect against application vulnerabilities as well as worms, Trojans, and peer-to-peer, spyware and back-door exploits. The extensible signature language used in SonicWall’s DPI engine also provides proactive defense against newly discovered application and protocol vulnerabilities. SonicWall IPS off-loads the costly and time-consuming burden of maintaining and updating signatures for new hacker attacks through SonicWall’s industry-leading Distributed Enforcement Architecture (DEA). Signature granularity allows SonicWall IPS to detect and prevent attacks based on a global, attack group, or per-signature basis to provide maximum flexibility and control false positives.

The detection works based on a Security Policy defined on POLICY | Rules and Policies > Security Policy page. For more information, refer to SonicOS 7.1 Rules and Policies Administration Guide for Policy Mode.

From the Intrusion Prevention, you can:

• View all SonicWall threat signatures from Intrusion Prevention Objects tab.

• Create category profiles on a signature by signature basis to configure the handling of those signatures from Intrusion Prevention Profiles which can be used in configuring Intrusion Prevention Security Rule Actions on OBJECT | Action Profiles > Security Action Profile page. These Security Action Profiles can be applied in defining on POLICY | Rules and Policies > Security Policy page.

  Intrusion Prevention Profiles are signatures grouped together based on attributes such as types of attack.

• Clone from an exiting one to create a new one
• Refresh and sort the table columns data to identify the specific results
• Customize columns to show or hide the table columns, and save the filter preferences for next time log in

• Viewing Intrusion Prevention Objects
• Enabling or Disabling Intrusion Prevention Objects
• Adding Intrusion Prevention Profiles
• Editing Intrusion Prevention Profiles
• Cloning Intrusion Prevention Profiles
• Deleting Intrusion Prevention Profiles
• Applying Intrusion Prevention Profiles