Firewall : Firewall > Access Rules

Stateful Packet Inspection Default Access Rules Overview
By default, the Dell SonicWALL network security appliance’s stateful packet inspection allows all communication from the LAN to the Internet, and blocks all traffic to the LAN from the Internet. The following behaviors are defined by the “Default” stateful inspection packet access rule enabled on the Dell SonicWALL network security appliance:
Additional network access rules can be defined to extend or override the default access rules. For example, access rules can be created that allow access from the LAN zone to the WAN Primary IP address, or block certain types of traffic such as IRC from the LAN to the WAN, or allow certain types of traffic, such as Lotus Notes database synchronization, from specific hosts on the Internet to specific hosts on the LAN, or restrict use of certain protocols such as Telnet to authorized users on the LAN.
Custom access rules evaluate network traffic source IP addresses, destination IP addresses, IP protocol types, and compare the information to access rules created on the Dell SonicWALL security appliance. Network access rules take precedence, and can override the Dell SonicWALL security appliance’s stateful packet inspection. For example, an access rule that blocks IRC traffic takes precedence over the Dell SonicWALL security appliance default setting of allowing this type of traffic.
Using Bandwidth Management with Access Rules Overview
Bandwidth management (BWM) allows you to assign guaranteed and maximum bandwidth to services and prioritize traffic. Using access rules, BWM can be applied on specific network traffic. Packets belonging to a bandwidth management enabled policy will be queued in the corresponding priority queue before being sent.
You must configure Bandwidth Management individually for each interface on the Network > Interfaces page. Click the Configure icon for the interface, and select the Advanced tab. Enter your available egress and ingress bandwidths in the Available interface Egress Bandwidth (Kbps) and Available interface Ingress Bandwidth (Kbps) fields, respectively. This applies when the Bandwidth Management Type on the Firewall Services > BWM page is set to either Advanced or Global.
Global Bandwidth Example Scenario
If you create an access rule for outbound mail traffic (such as SMTP) and enable bandwidth management with the following parameters:
The outbound SMTP traffic is guaranteed 20% of available bandwidth available to it and can get as much as 40% of available bandwidth. If SMTP traffic is the only BWM enabled rule:
Now consider adding the following BWM-enabled rule for FTP:
When configured along with the previous SMTP rule, the traffic behaves as follows:
Configuring Access Rules for IPv6
For complete information on the SonicOS implementation of IPv6, see IPv6 .
 
 
 
 
Access Rules can be configured for IPv6 in a similar manner to IPv4 VPNs after selecting the IPv6 option in the View IP Version radio button at the top left of the Firewall > Access Rules page.