Wizards > Application Firewall Wizard

The Application Firewall Wizard provides safe configuration for many common use cases, but not for everything. If at any time during the Application Firewall Wizard you are unable to find the options that you need, you can click Cancel and proceed using manual configuration.

To use the Application Firewall Wizard to configure application firewall:

Click Wizard on the top right corner of the SonicOS management interface. The Configuration Wizard Welcome dialog displays.

Select the Application Firewall Wizard radio button.

Click Next. The Application Firewall Wizard Introduction page displays.

Click Next. The Application Firewall Policy Type page displays.

Select a policy type, which will apply only to the type of traffic that you select:

•

I would like to apply a policy to SMTP email

•

I would like to apply a policy to POP3 email

•

I would like to apply a policy to Web Access

•

I would like to apply a policy to FTP file transfer

NOTE: The options on the next page depend on your choice here.

Click Next. The Select <your choice> Rules for Application Firewall page displays.

Depending on your choice in the previous step, this page is one of four possible screens:

•

Select SMTP Rules for Application Firewall Policy

•

Select POP3 Rules for Application Firewall Policy

•

Select Web Access Rules for Application Firewall Policy

•

Select FTP Rules for Application Firewall Policy

Select a policy rule from the choices supplied.

Click Next. The page displayed here varies depending on your choice of policy rule in Step 5. For the following policy rules, the wizard displays the Set Application Firewall Object Content screen on which you can select the traffic direction to scan, and the content or keywords to match.

•

All SMTP policy rule types except Specify maximum email size

•

All POP3 policy rule types

•

All Web Access policy rule types

•

All FTP policy types except Make all FTP access read-only and Disallow usage of SITE command

In the Set Application Firewall Object Content screen, perform the following steps:

In the Direction drop-down list, select the traffic direction to scan from the drop-down list. Select one of Incoming, Outgoing, or Both.

Do one of the following:

NOTE: If you selected a choice with the words except the ones specified in the previous step, content that you enter here will be the only content that does not cause the action to occur.

•

In the Content field, type or paste a text or hexadecimal representation of the content to match, and then click Add. Repeat until all content is added to the List field.

•

To import keywords from a predefined text file that contains a list of content values, one per line, click Load From File.

Click Next.

If you selected a policy type in the previous step that did not result in the Set Application Firewall Object Content page with the standard options, the wizard displays a page that allows you to select the traffic direction, and certain other choices depending on the policy type.

•

In the Direction drop-down menu, select the traffic direction to scan.

•

SMTP: In the Set Maximum Email Size page, in the Maximum Email Size field, enter the maximum number of bytes for an email message.

•

Web Access: In the special-case Set Application Firewall Object Content page, the Content field has a drop-down menu with a limited number of choices, and no Load From File button is available. Select a browser from the drop-down menu.

•

FTP: In the special-case Set Application Firewall Object Content page, you can only select the traffic direction to scan.

Click Next.

In the Application Firewall Action Type page, select the action to take when matching content is found in the specified type of network traffic.

Click Next.

You will see one or more of the following choices depending on the policy type, which is shown in parentheses here for reference:

•

Blocking Action - block and send custom email reply (SMTP)

•

Blocking Action - block without sending email reply (SMTP)

•

Blocking Action - disable attachment and add custom text (POP3)

•

Blocking Action - custom block page (Web Access)

•

Blocking Action - redirect to new location (Web Access)

•

Blocking Action - reset connection (Web Access, FTP)

•

Blocking Action - add block message (FTP)

•

Add Email Banner (append text at the end of email) (SMTP)

•

Log Only (SMTP, POP3, Web Access, FTP)

In the Application Firewall Action Settings page (if it is displayed), in the Content field, type the text or URL that you want to use.

Click Next.

The Application Firewall Action Settings page is only displayed when you selected an action in the previous step that requires additional text. For a Web Access policy type, if you selected an action that redirects the user, you can type the new URL into the Content field.

In the Select Name for Application Firewall Policy page, in the Policy Name field, type a descriptive name for the policy.

Click Next.

In the Confirm New Application Firewall Policy Settings page, review the displayed values for the new policy and do one of the following:

•

To create a policy using the displayed configuration values, click Accept.

•

To change one or more of the values, click Back.

In the Application Firewall Policy Wizard Complete page, to exit the wizard, click Close.