SonicOS 7.1 Rules and Policies for Policy Mode
- SonicOS 7.1 Rules and Policies
- Overview
- Settings
- Security Policy
- NAT Policy
- About NAT in SonicOS
- About NAT Load Balancing
- About NAT64
- About FQDN-based NAT
- About Source MAC Address Override
- Viewing NAT Policy Entries
- Adding or Editing NAT or NAT64 Rule Policies
- Deleting NAT Policies
- Creating NAT Rule Policies: Examples
- Creating a One-to-One NAT Policy for Inbound Traffic
- Creating a One-to-One NAT Policy for Outbound Traffic
- Inbound Port Address Translation via One-to-One NAT Policy
- Inbound Port Address Translation via WAN IP Address
- Creating a Many-to-One NAT Policy
- Creating a Many-to-Many NAT Policy
- Creating a NAT Load Balancing Policy for Two Web Servers
- Routing
- Decryption Policy
- DoS Policy
- DNS Policy
- Endpoint Policy
- Shadow
- SonicWall Support
Configuring App/Match/Malware
Settings: Application, Custom Match and Malware Prevention Settings
Select the Application Classification (Identification) based on: |
The default setting is policy-based. When using app-based routing, it is recommended to set it to zone-based. When set to zone-based, the app classification is done based on the app control settings under the Zone. When set to Policy, the firewall classifies app only when it is needed by the security rules. |
Block connections when Application signatures are unavailable and rules need application | When enabled, all connections are dropped when application signatures are unavailable and policies need application details to classify the packet. |
Block connections when Anti-Malware databases are not downloaded and rules need Malware info | When enabled, all connections are dropped when Malware (Threats, Spyware and Virus) signatures are not downloaded and policies actions need to apply anti-malware profiles. |
Enable Filename Logging | Filename Logging is determined on the DEVICE | Log > Settings page under Security Services > Application Control. Filename Logging works with the following protocols: HTTP, FTP, NetBios/CIFS, SMTP, POP3, and IMAP |
Application Cache
Enable Active Application Caching | This enables/disables active application caching. |
Use Cached Applications to Bypass DPI | This enables/disables using the cache for improved performance. If an active app cache entry is found then application identification engine is bypassed to further classify a packet. |
Default Application Cache Timeout | This is the system default timeout. Timeout in seconds after when an entry is flushed from application cache on no further activity. |
Default Application Cache Threshold | Number of session after when an app cache entry becomes active and usable. |
Enable Global Application Cache Timeout | This enables a global timeout for all components of an application. When disabled then firewall controls expiration of each app cache entry and is depended on components inside each app cache entry. Timeout in seconds after when an entry is flushed from application cache on no further activity. |
Enable Global Application Cache Threshold | This enables a global threshold for all components of an application. When disabled then firewall controls after how many sessions an application cache becomes active and usable and is depended on components inside each app cache entry. Number of session after when an app cache entry becomes active and usable. |
Security Services Settings
Security Services Settings | Enhanced Security (Recommended): Inspect all content with any threat probability (high/medium/low).
Note: For additional performance capacity in this maximum security setting, utilize SonicOS DPI Clustering. Note: Consider this performance optimized security setting for bandwidth/CPU intensive gateway deployments or utilize SonicOS DPI Clustering. |
Schedule for Automatic Signature Downloads | Specify when automatic signature downloads should be applied by selecting a schedule or schedule group from the Schedule drop-down menu. If the rule is always applied, select Always on. If the schedule does not exist, select Create New Schedule. |
Reduce Anti-Virus and E-Mail Filter traffic for ISDN connections | Enable or Disable. |
Drop all packets while IPS, GAV and Anti-Spyware database is reloading | Enable or Disable. |
Enable Clientless Notification Alerts | Enable or Disable |
HTTP Clientless Notification Timeout for Gateway AntiVirus and AntiSpyware | Indicate number of seconds before timeout. |
Message to Display when Blocking by Gateway Anti-Virus | Optionally, enter a message in the Message to Display when Blocking by Gateway Anti-Virus field. The default message is "This request is blocked by the Firewall Gateway Anti-Virus Service." |
Message to Display when Blocking by Anti-Spyware Service | Optionally, enter a message in the Message to Display when Blocking by Anti-Spyware Service field. The default message is "This request is blocked by the Firewall Anti-Spyware Service." |
Cloud AV DB Exclusion Settings
Optionally, certain cloud-signatures can be excluded from being enforced to alleviate false positive problems or to enable downloading specific virus files as necessary.
To configure the exclusion list
- Click Cloud AV DB Exclusion Settings. The Add Cloud AV Exclusions dialog displays.
-
Enter the signature ID in the Cloud AV Signature ID field. The ID must be a numeric value.
-
Click +.
-
Repeat Step 2 and Step 3 for each signature ID to be added.
-
Optionally, to update a Cloud AV Signature ID:
-
Select the signature ID in the Signature ID field.
-
Enter the updated signature in the Cloud AV Signature ID field.
-
Click Update.
-
-
Optionally, to delete:
-
A signature ID, select the ID in the Signature ID field, and then click Remove.
-
All signatures, click Delete Selected Entries.
-
-
Optionally, to view the latest information on a signature, select the signature ID in the list and click Sig Info. The information for the signature is displayed on the SonicALERT website.
-
Click Accept when you have finished configuring the Cloud AV exclusion list.
Was This Article Helpful?
Help us to improve our support portal