• SonicOS 8 Rules and Policies
• Overview
  • Working with SonicOS
  • SonicOS Workflow
  • How to Use the SonicOS Administration Guides
  • Guide Conventions
• Access Rules
  • Setting Firewall Access Rules
    • About Connection Limiting
    • Using Bandwidth Management with Access Rules
      • Enabling Bandwidth Management on an Access Rule
    • Creating Access Rules
    • Configuring Access Rules for IPv6
      • About Stateful Packet Inspection Default Access Rules
    • Enabling and Disabling Access Rules
    • Editing Access Rules
    • Deleting Access Rules
    • Restoring Access Rules to Default Settings
    • Displaying Access Rules
      • By Zones
      • By Column
    • Displaying Access Rule Traffic Statistics
    • Configuring Access Rules for NAT64
    • Configuring Access Rules for a Zone
    • Access Rules for DNS Proxy
    • User Priority for Access Rules
  • Access Rule Configuration Examples
    • Enabling Ping
    • Blocking LAN Access for Specific Services
    • Allowing WAN Primary IP Access from the LAN Zone
• NAT Rules
  • About NAT in SonicOS
  • About NAT Load Balancing
    • Determining the NAT LB Method to Use
    • Caveats
    • How Load Balancing Algorithms are Applied
    • Sticky IP Algorithm Examples
      • Example One - Mapping to a Network
      • Example Two - Mapping to an IP Address Range
  • About NAT64
    • Use of Pref64::/n
  • About FQDN-based NAT
  • About Source MAC Address Override
  • Viewing NAT Policy Entries
    • Changing the Display
    • Filtering the Display
    • Displaying Information about Policies
  • Adding or Editing NAT or NAT64 Rule Policies
  • Deleting NAT Policies
  • Creating NAT Rule Policies: Examples
    • Creating a One-to-One NAT Policy for Inbound Traffic
    • Creating a One-to-One NAT Policy for Outbound Traffic
    • Inbound Port Address Translation via One-to-One NAT Policy
    • Inbound Port Address Translation via WAN IP Address
    • Creating a Many-to-One NAT Policy
    • Creating a Many-to-Many NAT Policy
    • Creating a One-to-Many NAT Load Balancing Policy
    • Creating a NAT Load Balancing Policy for Two Web Servers
    • Creating a WAN-to-WAN Access Rule for a NAT64 Policy
    • DNS Doctoring
• Routing
  • About Routing
    • About Metrics and Administrative Distance
      • About Metrics
      • About Administrative Distance
    • Route Advertisement
    • ECMP Routing
    • Policy-based Routing
    • Policy-based TOS Routing
    • PBR Metric-based Priority
    • Policy-based Routing and IPv6
    • OSPF and RIP Advanced Routing Services
      • About Routing Services
        • Protocol Type
        • Maximum Hops
        • Split-Horizon
        • Poison Reverse
        • Routing Table Updates
        • Subnet Sizes Supported
        • Autonomous System Topologies
      • OSPF Terms
    • Drop Tunnel Interface
    • App-based Routing
  • Rules and Policies > Routing Rules
    • Configuring Routing Rules
      • Adding Static Routes
      • Probe-Enabled Policy-based Routing Configuration
• DNS Rules
  • Creating DNS Filtering Profiles
  • Configuring DNS Filtering
    • Creating DNS Policy Rules
      • Editing DNS Policies
      • Deleting DNS Policies
    • Configuring Global DNS Filtering Settings
    • Configuring DNS Filtering Custom Domains
  • Viewing DNS Rules Information
    • Viewing DNS Rules Using the Dashboard
    • Viewing DNS Filtering Reports
• Content Filter Rules
  • About Content Filtering Rules (CFS)
    • About Content Filter Rules
    • About UUIDs for CFS Policies
    • About Content Filter Action Objects
    • How CFS Works
  • Configuring CFS Policies
    • About the Content Filter Rule Table
      • Searching the Content Filter Rule Table
    • Adding a Content Filter Rule
    • Editing a Content Filter Rule
    • Deleting Content Filter Rules
• App Rules
  • About App Rules
    • What are App Rules?
      • About App Rules Policies
      • About App Rules Capabilities
    • Benefits of App Rules
    • How Does Application Control Work?
    • About App Rules Policy Creation
    • Licensing App Rules and App Control
    • Terminology
  • Rules and Policies > App Rules
    • Configuring an App Rules Policy
  • Verifying App Rules Configuration
    • Useful Tools
      • Wireshark
      • Hex Editor
  • App Rules Use Cases
    • Creating a Regular Expression in a Match Object
    • Policy-based Application Rules
    • Logging Application Signature-based Policies
    • Compliance Enforcement
    • Server Protection
    • Hosted Email Environments
    • Email Control
    • Web Browser Control
    • HTTP Post Control
    • Forbidden File Type Control
    • ActiveX Control
    • FTP Control
      • Blocking Outbound Proprietary Files Over FTP
      • Blocking Outbound UTF-8 / UTF-16 Encoded Files
      • Blocking FTP Commands
    • Bandwidth Management
    • Bypass DPI
    • Custom Signature
    • Reverse Shell Exploit Prevention
      • Generating the Network Activity
      • Capturing and Exporting the Payload to a Text File Using Wireshark
      • Creating a Match Object
      • Defining the Policy
• Endpoint Rules
• SonicWall Support
  • About This Document

Terminology

Application layer: The seventh level of the 7-layer OSI model; examples of application layer protocols are AIM, DNS, FTP, HTTP, IMAP, MSN Messenger, POP3, SMTP, SNMP, TELNET, and Yahoo Messenger

Bandwidth management: The process of measuring and controlling the traffic on a network link to avoid network congestion and poor performance of the network

Client: Typically, the client (in a client-server architecture) is an application that runs on a personal computer or workstation, and relies on a server to perform some operations

Digital rights management: Technology used by publishers or copyright owners to control access to and usage of digital data

FTP: File Transfer Protocol, a protocol for exchanging files over the Internet

Gateway: A computer that serves as an entry point for a network; often acts as a firewall or a proxy server

Granular control: The ability to control separate components of a system

Hexadecimal: Refers to the base-16 number system

HTTP: Hyper Text Transfer Protocol, the underlying protocol used by the World Wide Web

HTTP redirection: Also known as URL redirection, a technique on the Web for making a Web page available under many URLs

IPS: Intrusion Prevention Service

MIME: Multipurpose Internet Mail Extensions, a specification for formatting non-ASCII messages such as graphics, audio, or video, so that they can be sent over the internet

POP3: Post Office Protocol, a protocol used to retrieve email from a mail server; can be used with or without SMTP

Proxy: A computer that operates a network service that allows clients to make indirect network connections to other network services

SMTP: Simple Mail Transfer Protocol, a protocol used for sending email messages between servers

UDP: User Datagram Protocol, a connectionless protocol that runs on top of IP networks