1.

2.

3.

4. Select the service or group of services affected by the access rule from the Service list. The Default service encompasses all IP services.

   If the service is not listed, you must define the service in the Add Service dialog. Select Create New Service or Create New Group to display the Add Service dialog or Add Service Group dialog.

5. Select the source of the traffic affected by the access rule from the Source list. Selecting Create New Network displays the Add Address Object window.

6. If you want to define the source IP addresses that are affected by the access rule, such as restricting certain users from accessing the Internet, type the starting IP address of the address range in the Address Range Begin field and the ending IP address in the Address Range End field. To include all IP addresses, type * in the Address Range Begin field.

7. Select the destination of the traffic affected by the access rule from the Source list. Selecting Create New Network displays the Add Address Object dialog.

8. From the Users Allowed menu, add the user or user group affected by the access rule.

9.

10. Enter any comments to help identify the access rule in the Comments field.

11. The Allow Fragmented Packets check box is enabled by default. Large IP packets are often divided into fragments before they are routed over the Internet and then reassembled at a destination host.

12. Click the Advanced tab.

13. To time out the access rule after a period of TCP inactivity, set the amount of time, in minutes, in the TCP Connection Inactivity Timeout (minutes) field. The default value is 5 minutes.

14. To time out the access rule after a period of UDP inactivity, set the amount of time, in minutes, in the UDP Connection Inactivity Timeout (minutes) field. The default value is 30 minutes.

15. Specify the number of connections allowed as a percentage of the maximum number of connections allowed by the SonicWALL security appliance in the Number of connections allowed (% of maximum connections) field. Refer to Connection Limiting Overview for more information on connection limiting.

16. Select Create a reflexive rule to create a matching access rule to this one in the opposite direction--from your destination zone or address object to your source zone or address object.

17. Click the QoS tab to apply DSCP or 802.1p Quality of Service management to traffic governed by this rule. See 802.1p and DSCP QoS for more information on managing QoS marking in access rules.

18.
    • None: DSCP values in packets are reset to 0.
    • Preserve (default): DSCP values in packets remain unaltered.
    • Explicit: Set the DSCP value to the value selected in the Explicit DSCP Value field. This is a numeric value between 0 and 63. Some of the standard values are:
        • 0 - Best effort/Default (default)
        • 8 - Class 1
        • 10 - Class 1, Gold (AF11)
        • 12 - Class 1, Silver (AF12)
        • 14 - Class 1, Bronze (AF13)
        • 16 - Class 2
        • 18 - Class 2, Gold (AF21)
        • 20 - Class 2, Silver (AF22)
        • 22 - Class 2, Bronze (AF23)
        • 24 - Class 3
        • 26 - Class 3, Gold (AF31)
        • 27 - Class 3, Silver (AF32)
        • 30 - Class 3, Bronze (AF33)
        • 32 - Class 4
        • 34 - Class 4, Gold (AF41)
        • 36 - Class 4, Silver (AF42)
        • 38 - Class 4, Bronze (AF43)
        • 40 - Express Forwarding
        • 46 - Expedited Forwarding (EF)
        • 48 - Control
        • 56 - Control
    • Map: The QoS mapping settings on the Firewall > QoS Mapping page will be used. See Firewall Settings > QoS Mapping (NSA Series Only) for instructions on configuring the QoS Mapping. If you select Map, you can select Allow 802.1p Marking to override DSCP values.

19.
    • None (default): No 802.1p tagging is added to the packets.
    • Preserve: 802.1p values in packets will remain unaltered.
    • Explicit: Set the 802.1p value to the value you select in the Explicit 802.1p Value field. This is a numeric value between 0 and 7:
        • 0 - Best effort (default)
        • 1 - Background
        • 2 - Spare
        • 3 - Excellent effort
        • 4 - Controlled load
        • 5 - Video (<100ms latency)
        • 6 - Voice (<10ms latency)
        • 7 - Network control
    • Map: The QoS mapping settings on the Firewall > QoS Mapping page will be used. See Firewall Settings > QoS Mapping (NSA Series Only) for instructions on configuring the QoS Mapping.

20. Click OK to add the rule.
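
The None, Preserve and Explicit DSCP actions in step 18 operate on the six DSCP bits of the IPv4 ToS / IPv6 Traffic Class byte. The Python below is an added example, not SonicWALL code: the function names are hypothetical, the sample byte is constructed, and it assumes the two low-order ECN bits are left unchanged, which the page does not state.

```python
# Added example: models the DSCP marking actions on the 8-bit ToS byte.
# Function names are hypothetical; this is not SonicWALL code.

def phb_name(dscp: int) -> str:
    """Name a DSCP codepoint using the RFC 2474 / 2597 / 3246 conventions."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP must be between 0 and 63")
    if dscp == 46:
        return "EF"                      # Expedited Forwarding
    cls, low = dscp >> 3, dscp & 0b111
    if low == 0:
        return f"CS{cls}"                # class selector: 0, 8, 16, ... 56
    if 1 <= cls <= 4 and low in (2, 4, 6):
        return f"AF{cls}{low >> 1}"      # AFxy has DSCP 8*x + 2*y
    return "unassigned"


def apply_dscp_action(tos: int, action: str, explicit: int = 0) -> int:
    """Return the ToS byte after a None / Preserve / Explicit marking action.

    Assumption: the low two (ECN) bits pass through untouched. The Map action
    is not modelled because it depends on the QoS Mapping page settings.
    """
    if not 0 <= tos <= 255:
        raise ValueError("ToS byte must be between 0 and 255")
    ecn = tos & 0b11
    if action == "Preserve":
        return tos
    if action == "None":
        return ecn                       # DSCP field reset to 0
    if action == "Explicit":
        if not 0 <= explicit <= 63:
            raise ValueError("Explicit DSCP Value must be between 0 and 63")
        return (explicit << 2) | ecn
    raise ValueError(f"unsupported action: {action}")


if __name__ == "__main__":
    tos_in = 0xB9                        # constructed sample: DSCP 46, ECN 01
    for action, value in (("Preserve", 0), ("None", 0), ("Explicit", 10)):
        tos_out = apply_dscp_action(tos_in, action, value)
        dscp = tos_out >> 2
        print(f"{action:8} -> ToS 0x{tos_out:02X}, DSCP {dscp} ({phb_name(dscp)})")
```

Comparing the ToS byte in a packet capture on each side of the appliance against these results is a quick way to confirm that a rule's marking action is taking effect.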