SonicOS 7.1 Rules and Policies for Policy Mode

Configuring App/Match/Malware

Settings: Application, Custom Match and Malware Prevention Settings

Select the Application Classification (Identification) based on:
  • Zone
  • Policy

The default setting is policy-based. When using app-based routing, it is recommended to set it to zone-based. When set to zone-based, application classification is done based on the app control settings under the Zone. When set to Policy, the firewall classifies the application only when the security rules need it.

Block connections when Application signatures are unavailable and rules need application: When enabled, all connections are dropped when application signatures are unavailable and policies need application details to classify the packet.
Block connections when Anti-Malware databases are not downloaded and rules need Malware info: When enabled, all connections are dropped when Malware (Threats, Spyware and Virus) signatures are not downloaded and policy actions need to apply anti-malware profiles.
Enable Filename Logging: Filename Logging is determined on the DEVICE | Log > Settings page under Security Services > Application Control. Filename Logging works with the following protocols: HTTP, FTP, NetBios/CIFS, SMTP, POP3, and IMAP.

Application Cache

Enable Active Application Caching: Enables or disables active application caching.
Use Cached Applications to Bypass DPI: Enables or disables using the cache for improved performance. If an active app cache entry is found, the application identification engine is bypassed and the packet is not classified further.
Default Application Cache Timeout: The system default timeout. This is the time in seconds with no further activity after which an entry is flushed from the application cache.
Default Application Cache Threshold: The number of sessions after which an app cache entry becomes active and usable.
Enable Global Application Cache Timeout: Enables a global timeout for all components of an application. When disabled, the firewall controls the expiration of each app cache entry, which depends on the components inside that entry. The timeout is the time in seconds with no further activity after which an entry is flushed from the application cache.
Enable Global Application Cache Threshold: Enables a global threshold for all components of an application. When disabled, the firewall controls after how many sessions an app cache entry becomes active and usable, which depends on the components inside that entry. The threshold is the number of sessions after which an app cache entry becomes active and usable.
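The following added example is a simplified model of how the threshold, timeout and DPI-bypass settings above interact; it is not SonicOS code. The cache key (server address, port, protocol), the threshold of 3, the timeout of 300 seconds and the session timeline are all constructed assumptions, since the page does not state the key or the default values.

```python
from dataclasses import dataclass

@dataclass
class Entry:
    app: str          # application name learned from DPI
    sessions: int     # sessions classified by DPI so far
    last_seen: float  # time of last activity, in seconds

class AppCacheModel:
    def __init__(self, threshold, timeout, bypass_dpi=True):
        self.threshold = threshold    # sessions before an entry is active
        self.timeout = timeout        # idle seconds before an entry is flushed
        self.bypass_dpi = bypass_dpi  # "Use Cached Applications to Bypass DPI"
        self.entries = {}

    def classify(self, key, now, dpi):
        """Return (app, used_dpi) for a new session to `key` at time `now`."""
        entry = self.entries.get(key)
        if entry and now - entry.last_seen > self.timeout:
            del self.entries[key]     # flushed: no activity within the timeout
            entry = None
        if entry and self.bypass_dpi and entry.sessions >= self.threshold:
            entry.last_seen = now     # a cache hit counts as activity
            return entry.app, False   # identification engine bypassed
        app = dpi(key)                # full identification
        if entry is None or entry.app != app:
            entry = self.entries[key] = Entry(app, 0, now)
        entry.sessions += 1
        entry.last_seen = now
        return app, True

def replay(times, threshold, timeout, bypass_dpi=True):
    """Replay sessions to one server; True means the session went through DPI."""
    cache = AppCacheModel(threshold, timeout, bypass_dpi)
    key = ("203.0.113.10", 443, "tcp")   # constructed key (documentation address)
    dpi = lambda k: "example-app"        # stand-in for the identification engine
    return [cache.classify(key, t, dpi)[1] for t in times]

# Constructed timeline: five sessions 10 s apart, then one after a 360 s gap.
TIMES = [0, 10, 20, 30, 40, 400]

if __name__ == "__main__":
    print(replay(TIMES, threshold=3, timeout=300))
    print(replay(TIMES, threshold=3, timeout=300, bypass_dpi=False))
```

In this model a higher threshold or shorter timeout sends more sessions through full identification, at the cost of the performance gain the cache is meant to provide.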

Security Services Settings

Security Services Settings: Enhanced Security (Recommended) inspects all content with any threat probability (high/medium/low).
Note: For additional performance capacity in this maximum security setting, utilize SonicOS DPI Clustering.
Note: Consider this performance optimized security setting for bandwidth/CPU intensive gateway deployments or utilize SonicOS DPI Clustering.
Schedule for Automatic Signature Downloads: Specify when automatic signature downloads should be applied by selecting a schedule or schedule group from the Schedule drop-down menu. If the rule is always applied, select Always on. If the schedule does not exist, select Create New Schedule.
Reduce Anti-Virus and E-Mail Filter traffic for ISDN connections: Enable or Disable.
Drop all packets while IPS, GAV and Anti-Spyware database is reloading: Enable or Disable.
Enable Clientless Notification Alerts: Enable or Disable.
HTTP Clientless Notification Timeout for Gateway AntiVirus and AntiSpyware: Indicate the number of seconds before timeout.
Message to Display when Blocking by Gateway Anti-Virus: Optionally, enter a message in the Message to Display when Blocking by Gateway Anti-Virus field. The default message is "This request is blocked by the Firewall Gateway Anti-Virus Service."
Message to Display when Blocking by Anti-Spyware Service: Optionally, enter a message in the Message to Display when Blocking by Anti-Spyware Service field. The default message is "This request is blocked by the Firewall Anti-Spyware Service."

Cloud AV DB Exclusion Settings

Optionally, certain cloud signatures can be excluded from enforcement to alleviate false positives or to allow specific virus files to be downloaded when necessary.

To configure the exclusion list:

  1. Click Cloud AV DB Exclusion Settings. The Add Cloud AV Exclusions dialog displays.
  2. Enter the signature ID in the Cloud AV Signature ID field. The ID must be a numeric value.

  3. Click +.

  4. Repeat Step 2 and Step 3 for each signature ID to be added.

  5. Optionally, to update a Cloud AV Signature ID:

    1. Select the signature ID in the Signature ID field.

    2. Enter the updated signature in the Cloud AV Signature ID field.

    3. Click Update.

  6. Optionally, to delete:

    • A signature ID, select the ID in the Signature ID field, and then click Remove.

    • All signatures, click Delete Selected Entries.

  7. Optionally, to view the latest information on a signature, select the signature ID in the list and click Sig Info. The information for the signature is displayed on the SonicALERT website.

  8. Click Accept when you have finished configuring the Cloud AV exclusion list.
