Policies enforce which devices have access to protected services. Admins can configure policies by defining which roles and device Trust Levels are allowed access to a given service. Once configured, a policy can be applied to a service (e.g., hosted website, infrastructure service). This doc outlines examples of web, infrastructure, and Service Tunnel policy application.
Web policies define user access to hosted websites based on roles, Trust Level, and website endpoints (Layer 7 networking) through an Access Tier.
An admin wants to limit access to admin and login pages on a hosted website. Their requirements are as follows:
Configure the required Trust Level and allowed Roles as follows:

Add Rules to restrict access to admin (!wp-admin*) and login (!wp-login*) endpoints:
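
The following is an added example, not the product's own code or configuration format. It models how a web policy combining roles, a Trust Level, and the two exclusion rules above could evaluate a request. Assumptions: the Low < Medium < High ordering, the reading of a leading `!` as "exclude this path pattern", the `*` catch-all rule, and the role name and host, which are constructed placeholders.

```python
import posixpath
from dataclasses import dataclass
from fnmatch import fnmatchcase
from urllib.parse import unquote, urlsplit

# Assumed ordering of Trust Levels; the page names Medium and High.
TRUST_ORDER = {"Low": 0, "Medium": 1, "High": 2}

@dataclass
class WebPolicy:
    roles: frozenset   # roles allowed by the policy
    min_trust: str     # lowest Trust Level that is accepted
    rules: tuple       # path patterns; a leading "!" excludes (assumed semantics)

def normalize_path(url: str) -> str:
    """Decode and collapse the path before matching, so that
    '/blog/../wp-admin' and '/%77p-admin' are both seen as 'wp-admin'."""
    path = unquote(urlsplit(url).path)
    return posixpath.normpath("/" + path).lstrip("/")

def evaluate(policy, user_roles, trust_level, url):
    """Return (allowed, reason) for one request."""
    if not policy.roles & set(user_roles):
        return False, "role not allowed"
    if TRUST_ORDER[trust_level] < TRUST_ORDER[policy.min_trust]:
        return False, "trust level too low"
    path = normalize_path(url)
    # Exclusions are checked first so they always win over a broad include.
    for rule in policy.rules:
        if rule.startswith("!") and fnmatchcase(path, rule[1:]):
            return False, f"path excluded by {rule}"
    if any(fnmatchcase(path, r) for r in policy.rules if not r.startswith("!")):
        return True, "allowed"
    return False, "no rule matches path"

# Constructed policy: the role name is a placeholder.
POLICY = WebPolicy(frozenset({"Contractors"}), "Medium",
                   ("*", "!wp-admin*", "!wp-login*"))

if __name__ == "__main__":
    # Constructed sample requests against a placeholder host.
    for url in ("https://site.example/blog/post-1",
                "https://site.example/wp-admin/users.php",
                "https://site.example/blog/../wp-login.php",
                "https://site.example/%77p-admin/"):
        print(url, evaluate(POLICY, {"Contractors"}, "High", url))
```

Matching on the normalized path rather than the raw URL is what keeps an exclusion rule effective when the same endpoint is requested in an encoded or dot-segment form.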

Infrastructure policies define user access to infrastructure services based on roles and Trust Levels. This type of policy can be used for any TCP services, such as an SSH service, an RDP service, a Kubernetes service, or a database service.
An admin wants to limit SSH access to a bastion host. Their requirements are as follows:
Select all relevant roles, and apply the Medium or High Trust Level:

Tunnel policies define user access to network locations based on CIDR ranges, ports, and protocols from a Service Tunnel.
An admin wants to limit access to a file server. The requirements are as follows:
Configure the Roles and Trust Levels:

Configure the Exceptions:
