SonicOS 8 Rules and Policies for Classic Mode

About App Rules Policy Creation

You can use App Rules to create custom App Rules policies to control specific aspects of traffic on your network. A policy is a set of match objects, properties, and specific prevention actions. When you create a policy, you first create a match object, then select and optionally customize an action, then reference these when you create the policy.

In the POLICY | Rules and Policy > App Rules page, you can access the Add App Rule dialog by clicking +Add. The dialog options change depending on the Policy Type you select. For example, if SMTP Client is selected, the options are very different from a Policy Type of App Control Content.

Some examples of policies include:

  • Block applications for activities such as gambling
  • Disable .exe and .vbs email attachments
  • Do not allow the Mozilla browser on outgoing HTTP connections
  • Do not allow outgoing email or MS Word attachments with the keywords, SonicWall Confidential, except from the CEO and CFO
  • Do not allow outgoing email that includes a graphic or watermark found in all confidential documents

When you create a policy, you select a policy type. Each policy type specifies the values or value types that are valid for the source, destination, match object type, and action fields in the policy. You can further define the policy to include or exclude specific users or groups, select a schedule, turn on logging, and specify the connection side as well as basic or advanced direction types. A basic direction type simply indicates inbound or outbound. An advanced direction type allows zone to zone direction configuration, such as from the LAN to the WAN.

The App rules: Policy types table describes the characteristics of the available App Rules policy types.

App Rules: Policy Types
Policy Type Description Valid Source Service / Default Valid Destination Service / Default Valid Match Object Type Valid Action Type Connection Side
App Control Content Policy using dynamic App Rules related objects for any application layer protocol Any / Any Any / Any Application Category List, Application List, Application Signature List Reset/Drop No Action Bypass DPI Packet Monitor, BWM Global-* WAN BWM * N/A
Custom Policy Policy using custom objects for any application layer protocol; can be used to create IPS-style custom signatures Any / Any Any / Any Custom Object Reset/Drop Bypass DPI Packet Monitor No Action, BWM Global-* WAN BWM * Client Side, Server Side, Both
FTP Client Any FTP command transferred over the FTP control channel Any / Any FTP Control / FTP Control FTP Command, FTP Command + Value, Custom Object Reset/Drop Bypass DPI Packet Monitor No Action Client Side
FTP Client File Upload Request An attempt to upload a file over FTP (STOR command) Any / Any FTP Control / FTP Control Filename, file extension Reset/Drop Bypass DPI Packet Monitor No Action, BWM Global-* WAN BWM * Client Side
FTP Client File Download Request An attempt to download a file over FTP (RETR command) Any / Any FTP Control / FTP Control Filename, file extension Reset/Drop Bypass DPI Packet Monitor No Action, BWM Global-* WAN BWM * Client Side
FTP Data Transfer Policy Data transferred over the FTP Data channel Any / Any Any / Any File Content Object Reset/Drop Bypass DPI Packet Monitor No Action Both
HTTP Client Policy which is applicable to Web browser traffic or any HTTP request that originates on the client Any / Any Any / HTTP (configurable) HTTP Host, HTTP Cookie, HTTP Referrer, HTTP Request Custom Header, HTTP URI Content, HTTP User Agent, Web Browser, File Name, File Extension Custom Object Reset/Drop Bypass DPI Packet Monitor1 No Action, BWM Global-* WAN BWM * Client Side
HTTP Server Response originated by an HTTP Server Any / HTTP (configurable) Any / Any ActiveX Class ID, HTTP Set Cookie, HTTP Response, File Content Object, Custom Header, Custom Object Reset/Drop Bypass DPI Packet Monitor No Action BWM Global-* WAN BWM * Server Side
IPS Content Policy using dynamic Intrusion Prevention related objects for any application layer protocol N/A N/A IPS Signature Category List, IPS Signature List Reset/Drop Bypass DPI Packet Monitor No Action, BWM Global-* WAN BWM * N/A
POP3 Client Policy to inspect traffic generated by a POP3 client; typically useful for a POP3 server admin Any / Any POP3 (Retrieve Email) / POP3 (Retrieve Email) Custom Object Reset/Drop Bypass DPI Packet Monitor No Action Client Side
POP3 Server Policy to inspect email downloaded from a POP3 server to a POP3 client; used for email filtering POP3 (Retrieve Email) / POP3 (Retrieve Email) Any / Any Email Body, Email CC, Email From, Email To, Email Subject, File Name, File Extension, MIME Custom Header Reset/Drop Disable E-Mail Attachment - Add Text Bypass DPI No action Server Side
SMTP Client Policy applies to SMTP traffic that originates on the client Any / Any SMTP (Send Email)/ SMTP (Send Email) Email Body, Email CC, Email From, Email To, Email Size, Email Subject, Custom Object, File Content, File Name, File Extension, MIME Custom Header, Reset/Drop Block SMTP E-Mail Without Reply Bypass DPI Packet Monitor No Action Client Side

Was This Article Helpful?

Help us to improve our support portal

Techdocs Article Helpful form

  • Hidden
  • Hidden

Techdocs Article NOT Helpful form

  • Still can't find what you're looking for? Try our knowledge base or ask our community for more help.
  • Hidden
  • Hidden