Firewall > Access Rules
612
SonicOS 5.8.1 Administrator Guide
Editing an Access Rule
To display the Edit Rule window (includes the same settings as the Add Rule window), click
the Edit icon.
Deleting an Access Rule
To delete an individual access rule, click its Delete icon. To delete all access rules whose
checkboxes are selected, click the Delete button.
Enabling and Disabling an Access Rule
To enable or disable an access rule, select or clear its Enable checkbox.
Restoring Access Rules to Default Zone Settings
To remove all user-configured access rules for a zone, click the Default button. This restores
the access rules for the selected zone to the default access rules initially set up on the
SonicWALL security appliance. Note that this discards every custom rule in that zone, including
any rule you added to restrict traffic, so review the resulting rule set before relying on it.
Displaying Access Rule Traffic Statistics
Move your mouse pointer over the Graph icon to display the following receive (Rx) and
transmit (Tx) traffic statistics for the access rule:
Rx Bytes
Rx Packets
Tx Bytes
Tx Packets
Connection Limiting Overview
The Connection Limiting feature is intended to offer an additional layer of security and control
when coupled with such SonicOS features as SYN Cookies and Intrusion Prevention Services
(IPS). Connection limiting provides a means of throttling connections through the SonicWALL,
using access rules as the classifier and declaring the maximum percentage of the total available
connection cache that can be allocated to the class of traffic each rule matches. Traffic in
other classes is unaffected by a limit that one class reaches.
Coupled with IPS, this can be used to mitigate the spread of a certain class of malware as
exemplified by Sasser, Blaster, and Nimda. These worms propagate by initiating connections
to random addresses at atypically high rates. For example, each host infected with Nimda
attempted 300 to 400 connections per second, Blaster sent 850 packets per second, and
Sasser was capable of 5,120 attempts per second. Typical, non-malicious network traffic
generally does not establish anywhere near these numbers, particularly when it is
Trusted->Untrusted traffic (that is, LAN->WAN). Malicious activity of this sort can consume all
available connection-cache resources in a matter of seconds, particularly on smaller appliances,
at which point legitimate connections in every zone are refused along with the malicious ones.
In addition to mitigating the propagation of worms and viruses, connection limiting can be used
to alleviate other types of connection-cache resource consumption, such as that caused by
uncompromised internal hosts running peer-to-peer software (assuming IPS is configured to
allow these services), or by internal or external hosts using packet generators or scanning tools.