Most popular configurations on SonicWall UTM Appliances

As an alternative to Microsoft TMG 2010 we are testing SonicWall Unified Threat Management appliances.

Here https://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=7911 you'll find the most popular configurations on SonicWall UTM, which cover nearly all the wizards you have for publishing and access rules on Microsoft Threat Management Gateway.

But some of the descriptions are outdated, like the one for publishing Exchange: it only applies to legacy versions and is not valid for current Exchange versions. Keep that in mind and modify accordingly.

A good approach is not to follow every description completely. Think about which part of each description meets your needs. For instance, if you are going to publish your web server, you don't need a reflexive policy and in most cases not a loopback policy either.

And if you do use a reflexive policy, keep in mind that this source will be restricted to the service you used for that policy.

If you use the Failover & Load Balancing feature on SonicWall, it usually makes sense to use static routing when you want to force certain traffic through a dedicated WAN interface.

This is especially true when you have L2TP clients on your LAN: they will not be able to connect to an external L2TP server at a customer site until you add a static route like ANY to ANY for service 'IKE' via one of the WAN interfaces.

PPTP passthrough works out of the box.

And keep in mind that until you change the access rules on a SonicWall, all outgoing traffic can pass the firewall. So your first step should be to create a service group containing the services you want to allow through the firewall by default, and change the access rule on the SonicWall accordingly.

Then you can create address objects for the resources on your LAN and allow services in additional access rules, for example DNS for your DNS server, which performs public DNS name queries, or SMTP for your mail server so it is able to send messages.
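To make the effect of the last two steps concrete, here is an added example (not SonicWall code, and not from the original post) that models the LAN-to-WAN policy as first-match rules over service groups and address objects. The object names, networks and sample flows are constructed for illustration; it shows what the factory-default any/any rule lets out versus a policy built the way the post describes, with a default service group for everyone and specific allowances only for the DNS and mail servers.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Set, Tuple

# Constructed model of a LAN->WAN firewall policy. Names and networks are
# assumptions chosen for this example, not objects from any real SonicOS.


@dataclass(frozen=True)
class Service:
    proto: str  # "tcp" or "udp"
    port: int


# Service groups (assumed names): the group allowed for everyone by default,
# plus narrow groups for the two servers that need more.
SERVICE_GROUPS: Dict[str, Set[Service]] = {
    "Default-Outbound": {Service("tcp", 80), Service("tcp", 443)},
    "DNS": {Service("udp", 53), Service("tcp", 53)},
    "SMTP": {Service("tcp", 25)},
}

# Address objects (assumed names and constructed addresses).
ADDRESS_OBJECTS = {
    "LAN Subnets": ip_network("192.168.10.0/24"),
    "Internal DNS Server": ip_network("192.168.10.5/32"),
    "Mail Server": ip_network("192.168.10.6/32"),
}


@dataclass(frozen=True)
class Rule:
    name: str
    source: str   # address object name, or "any"
    service: str  # service group name, or "any"
    action: str   # "allow" or "deny"


@dataclass(frozen=True)
class Flow:
    src: str
    proto: str
    dport: int


def rule_matches(rule: Rule, flow: Flow) -> bool:
    """A rule matches when both its source object and service group cover the flow."""
    if rule.source != "any" and ip_address(flow.src) not in ADDRESS_OBJECTS[rule.source]:
        return False
    if rule.service != "any" and Service(flow.proto, flow.dport) not in SERVICE_GROUPS[rule.service]:
        return False
    return True


def evaluate(rules: List[Rule], flow: Flow) -> Tuple[str, str]:
    """First matching rule wins; anything unmatched falls to an implicit deny."""
    for rule in rules:
        if rule_matches(rule, flow):
            return rule.action, rule.name
    return "deny", "implicit-deny"


# The out-of-the-box LAN->WAN rule the post warns about: everything leaves.
FACTORY_DEFAULT = [Rule("Default LAN->WAN", "any", "any", "allow")]

# The policy built as the post suggests: server-specific rules first, the
# default service group for the whole LAN, then an explicit deny for the rest.
HARDENED = [
    Rule("Internal DNS -> public DNS", "Internal DNS Server", "DNS", "allow"),
    Rule("Mail server -> SMTP", "Mail Server", "SMTP", "allow"),
    Rule("LAN -> default outbound", "LAN Subnets", "Default-Outbound", "allow"),
    Rule("Deny everything else", "any", "any", "deny"),
]

# Constructed sample flows: a workstation, the DNS server and the mail server.
SAMPLE_FLOWS = [
    Flow("192.168.10.77", "tcp", 443),  # workstation browsing
    Flow("192.168.10.77", "tcp", 25),   # workstation sending SMTP directly
    Flow("192.168.10.77", "udp", 53),   # workstation querying external DNS
    Flow("192.168.10.5", "udp", 53),    # internal DNS server resolving
    Flow("192.168.10.6", "tcp", 25),    # mail server delivering
]


def audit(rules: List[Rule], flows: List[Flow]) -> Dict[Flow, str]:
    """Map each sample flow to the action the policy takes on it."""
    return {flow: evaluate(rules, flow)[0] for flow in flows}


def count_allowed(rules: List[Rule], flows: List[Flow]) -> int:
    return sum(1 for action in audit(rules, flows).values() if action == "allow")


if __name__ == "__main__":
    for name, policy in (("factory default", FACTORY_DEFAULT), ("hardened", HARDENED)):
        print(f"--- {name} ---")
        for flow, action in audit(policy, SAMPLE_FLOWS).items():
            print(f"{flow.src:>14} {flow.proto}/{flow.dport:<4} {action}")
```

Running it shows the factory default allowing all five flows, while the hardened policy lets the workstation out only on the default service group and confines DNS and SMTP to the two servers that legitimately need them; the same structure of rules is what you would reproduce in the SonicWall access rule table.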
