Policy Configuration : Understanding the Network Access Rules Hierarchy
Configuring Advanced Firewall Settings in SonicOS Standard
To configure advanced access settings, complete the following steps:
1
Select the global icon, a group, or a SonicWALL appliance.
2
Expand the Firewall tree and click Advanced. The Advanced page displays.
3
Computers running Microsoft Windows communicate with each other through NetBIOS broadcast packets. By default, SonicWALL appliances block these broadcasts. To allow NetBIOS packets to pass among the interfaces select the appropriate check box in the Windows Networking (NetBIOS) Broadcast Pass Through section.
4
Detection prevention helps hide SonicWALL appliances from potential hackers. Select from the following Detection Prevention options:
To enable stealth mode, select Enable Stealth Mode. During normal operation, SonicWALL appliances respond to incoming connection requests as either “blocked” or “open.” During stealth operation, SonicWALL appliances do not respond to inbound requests, making the appliances “invisible” to potential hackers.
Hackers can use various detection tools to “fingerprint” IP IDs and detect the presence of a SonicWALL appliance. To configure the SonicWALL appliance(s) to generate random IP IDs, select Randomize IP ID.
5
Select the dynamic ports that are supported from the Dynamic Ports area:
Enable support for Oracle (SQLNet)—Select if you have Oracle applications on your network.
Enable support for Windows Messenger—Select this option to support special SIP messaging used in Windows Messenger on the Windows XP.
Enable RTSP Transformations—Select this option to support on-demand delivery of real-time data, such as audio and video. Real Time Streaming Protocol (RTSP) is an application-level protocol for control over delivery of data with real-time properties.
6
Drop Source Routed Packets is selected by default. Clear the check box if you are testing traffic between two specific hosts and you are using source routing.
7
Select Disable Anti-Spyware, Gateway AV and IPS Engine if you want to enable more connections at the expense of the Gateway Anti-Virus and Intrusion Prevention services. This is generally not recommended because it opens the SonicWALL security appliance to possible threats.
8
The Connection Inactivity Timeout option disables connections outside the LAN if they are idle for a specified period of time. Without this timeout, connections can stay open indefinitely and create potential security holes. To specify how long the SonicWALL appliance(s) wait before closing inactive connections outside the LAN, enter the amount of time in the Default Connection Timeout field (default: 25 minutes).
9
By default, FTP connections from port 20 are allowed, but remapped to outbound traffic ports such as 1024. If you select Force inbound and outbound FTP data connections to use default port 20, any FTP data connection through the SonicWALL must come from port 20 or the connection is dropped and logged.
* 
NOTE: To enforce IP Header, UDP, TCP, or ICMP checksums, select the appropriate option from the IP, UDP, TCP, ICMP Checksum Enforcement section.
10
When you are finished, click Update. The settings are changed for each selected SonicWALL appliance. To clear all screen settings and start over, click Reset.