How to configure the local policy
03/26/2020
Description
How to configure the local policy
Resolution
Configure the Local Policy in Global Security Client.
The Local policy of the Distributed Security Client can be configured by the user. This allows you to define the firewall policy for your desktop when the Global VPN Client Enterprise is not connected to your corporate network. The following explains the configuration options available to Distributed Security Client users in Standalone mode.
To display the Local policy firewall settings, select Local policy and click the Properties button on the SonicWall Distributed Security Client window toolbar, or choose View>Properties. The Distributed Security Client Properties window is displayed with five tabs: Security, Advanced Rules, Application Rules, NetBIOS Settings, and Log Settings.
Alert! These settings are configurable only if the Standalone policy is enabled. Otherwise, the Policy Editor on the SonicWall gateway manages these settings and the settings in the Distributed Security Client Properties window are dimmed.
Security
Selecting Security displays the configurable security settings for the SonicWall Distributed Security Client. After making any security setting changes, click the Apply button to save your changes.
Protection
The Protection settings define the security level provided by the Distributed Security Client.
- Allow All - Permits all network traffic, including Internet traffic, to and from your computer over its network connections. Allow All still logs all traffic that enters or exits your system.
- Block All - Blocks all network traffic from entering or leaving your computer, regardless of its source or destination.
- Normal - A configurable security setting that blocks network access to your computer except for the traffic permitted by the rules on the Advanced Rules and Application Rules pages of the Distributed Security Client Properties window.
Attacks
The Attacker Seal check box enables the Active Response feature, which blocks all communication from a source host once an attack from that host is detected. Every packet from that IP address is dropped for the number of seconds specified in the Seconds field, after which the block expires.
Anti-IP (Anti-IP Spoofing)
IP spoofing is a technique attackers use to hijack a communication session between two computers. The attacker sends a packet that causes Computer A to drop the connection and then, pretending to be Computer A, continues the session with Computer B in order to attack it. To inject such packets the attacker must predict the sequence numbers the session is using. Anti-IP Spoofing foils most IP spoofing attempts by randomizing the sequence numbers used in each communication session, so the attacker cannot anticipate the next packet and insert a forged one.
Anti-MAC (Anti-MAC Spoofing)
As with IP spoofing, an attacker can use MAC spoofing to hijack a communication session between two computers in order to compromise one of them. MAC (media access control) addresses are hardware addresses that identify computers, servers, routers and other network devices. When Computer A wants to communicate with Computer B, it may send an ARP (Address Resolution Protocol) packet to learn Computer B's MAC address. The Anti-MAC Spoofing feature blocks unsolicited ARP packets sent to your computer, so an attacker cannot use ARP to discover your MAC address. ARP replies to requests that your computer itself sent are allowed through.
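The following Python sketch is added here to illustrate the stateful behaviour just described; it is not code from the SonicWall client and says nothing about the client's internals. Inbound ARP is dropped unless it is a reply to a request this host sent a moment ago, and each outstanding request is satisfied by exactly one reply. The frame builder, the AntiMacSpoofFilter class, the two-second reply window and all addresses are constructed for the example.

```python
import struct

# Ethernet II header and IPv4-over-Ethernet ARP packet layouts (network byte order).
ETH_HDR = struct.Struct("!6s6sH")           # dst MAC, src MAC, EtherType
ARP_HDR = struct.Struct("!HHBBH6s4s6s4s")   # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa
ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST = b"\xff" * 6


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def ip_bytes(ip):
    return bytes(int(octet) for octet in ip.split("."))


def ip_str(raw):
    return ".".join(str(b) for b in raw)


def build_arp(oper, sender_mac, sender_ip, target_mac, target_ip):
    """Build one Ethernet frame carrying an ARP request or reply (constructed sample traffic)."""
    eth_dst = BROADCAST if oper == ARP_REQUEST else mac_bytes(target_mac)
    eth = ETH_HDR.pack(eth_dst, mac_bytes(sender_mac), ETHERTYPE_ARP)
    arp = ARP_HDR.pack(1, 0x0800, 6, 4, oper,
                       mac_bytes(sender_mac), ip_bytes(sender_ip),
                       mac_bytes(target_mac), ip_bytes(target_ip))
    return eth + arp


class AntiMacSpoofFilter:
    """Drop inbound ARP unless it answers a request this host sent within reply_window seconds.
    Hypothetical class written for this example, not part of the SonicWall client."""

    def __init__(self, own_ip, reply_window=2.0):
        self.own_ip = own_ip
        self.reply_window = reply_window    # assumed: how long a request stays outstanding
        self.outstanding = {}               # IP we asked about -> time we asked

    def sent_request(self, target_ip, now):
        """Record that this host transmitted an ARP request for target_ip."""
        self.outstanding[target_ip] = now

    def inbound(self, frame, now):
        """Return (verdict, reason) for one inbound frame; verdict is 'allow' or 'drop'."""
        if len(frame) < ETH_HDR.size:
            return "drop", "truncated frame"
        _, _, ethertype = ETH_HDR.unpack_from(frame, 0)
        if ethertype != ETHERTYPE_ARP:
            return "allow", "not ARP; left to the IP rules"
        if len(frame) < ETH_HDR.size + ARP_HDR.size:
            return "drop", "truncated ARP packet"
        htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = ARP_HDR.unpack_from(frame, ETH_HDR.size)
        if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
            return "drop", "not IPv4-over-Ethernet ARP"
        if oper == ARP_REQUEST:
            # Answering would hand our MAC address to whoever asked.
            return "drop", "inbound ARP request"
        if oper != ARP_REPLY:
            return "drop", "unknown ARP operation %d" % oper
        if ip_str(tpa) != self.own_ip:
            return "drop", "reply not addressed to this host"
        sender_ip = ip_str(spa)
        asked_at = self.outstanding.get(sender_ip)
        if asked_at is None or now - asked_at > self.reply_window:
            return "drop", "unsolicited ARP reply from %s" % sender_ip
        del self.outstanding[sender_ip]     # one request, one answer: a second copy is a replay
        return "allow", "reply to our request for %s" % sender_ip


def demo():
    """Run the filter over constructed frames; returns the verdict for each."""
    me, gateway, rogue = "192.168.1.10", "192.168.1.1", "192.168.1.66"
    my_mac, gw_mac, rogue_mac = "00:11:22:33:44:10", "00:11:22:33:44:01", "de:ad:be:ef:00:66"
    flt = AntiMacSpoofFilter(own_ip=me)
    flt.sent_request(gateway, now=100.0)              # we asked "who has 192.168.1.1?"
    frames = [
        build_arp(ARP_REPLY, gw_mac, gateway, my_mac, me),                  # the answer we asked for
        build_arp(ARP_REPLY, gw_mac, gateway, my_mac, me),                  # the same answer again (replay)
        build_arp(ARP_REPLY, rogue_mac, rogue, my_mac, me),                 # nobody asked 192.168.1.66
        build_arp(ARP_REQUEST, rogue_mac, rogue, "00:00:00:00:00:00", me),  # "who has 192.168.1.10?"
    ]
    return [flt.inbound(frame, now=100.5)[0] for frame in frames]


if __name__ == "__main__":
    print(demo())   # ['allow', 'drop', 'drop', 'drop']
```

Because no inbound ARP request is ever answered, other hosts can learn this computer's MAC address only from traffic it originates, such as the sender fields of its own ARP requests. Entries in the outstanding-request table expire after the reply window and are consumed by the first matching reply, so a replayed or late reply is dropped like any other unsolicited one.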
Stealth (Stealth Mode Browsing)
Stealth mode hides your computer from other computers on the network. A computer in stealth mode on the Internet, for example, does not respond to port scans or to unsolicited communication attempts such as ping, and so is not detected by them. If you enable the Stealth feature, your computer is invisible to other computers on any network you are connected to.
Port Scanner (Port Scan Detection)
Port scanning is a common technique attackers use to determine which of your computer's ports are open to communication. The Distributed Security Client blocks ports dynamically, so they are protected from such probes whether or not this feature is enabled. The Port Scanner feature detects when someone is scanning your ports and notifies you. If it is disabled, the Distributed Security Client still protects your ports but does not detect scans or notify you of them.
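The two features above, Port Scan Detection and the Attacker Seal (Active Response), are easiest to understand together, so here is an added Python example of the detection logic followed by a timed block; it is illustrative code written for this page, not the client's implementation. The detector counts distinct destination ports touched by one source inside a sliding time window and, when the count reaches a threshold, writes a Security-log entry and seals the source for the configured number of seconds, during which every packet from it is dropped regardless of port. The log line format, the threshold of 10 ports in 5 seconds, the 600-second seal and all addresses are constructed for the example.

```python
from collections import defaultdict, deque


def parse_traffic_line(line):
    """Parse one line of the constructed traffic-log format used below (key=value fields)."""
    fields = dict(kv.split("=", 1) for kv in line.split())
    return float(fields["t"]), fields["proto"], fields["src"], int(fields["dport"])


class PortScanDetector:
    """Flag a source that probes >= threshold distinct (proto, port) pairs within window seconds.
    Hypothetical class for this example; thresholds are assumptions."""

    def __init__(self, threshold=10, window=5.0):
        self.threshold, self.window = threshold, window
        self.recent = defaultdict(deque)           # src -> deque of (ts, (proto, dport))

    def observe(self, ts, proto, src, dport):
        q = self.recent[src]
        q.append((ts, (proto, dport)))
        while q and ts - q[0][0] > self.window:    # slide the window forward
            q.popleft()
        return len({target for _, target in q}) >= self.threshold


class ActiveResponse:
    """Attacker Seal: block everything from a source for `seconds` after an attack is detected."""

    def __init__(self, seconds=600):
        self.seconds = seconds
        self.blocked_until = {}                    # src -> time the seal expires

    def seal(self, src, now):
        self.blocked_until[src] = now + self.seconds

    def is_blocked(self, src, now):
        until = self.blocked_until.get(src)
        if until is None:
            return False
        if now >= until:                           # seal expired; forget the source
            del self.blocked_until[src]
            return False
        return True


def process(lines, detector, responder):
    """Return (security_log_entries, verdicts). A verdict of 'pass' means the packet goes on to the
    normal Protection and rule evaluation; 'drop' means the seal discarded it."""
    security_log, verdicts = [], []
    for line in lines:
        ts, proto, src, dport = parse_traffic_line(line)
        if responder.is_blocked(src, ts):
            verdicts.append("drop")
            continue
        if detector.observe(ts, proto, src, dport):
            security_log.append("t=%.1f port scan from %s; all traffic sealed for %ds"
                                % (ts, src, responder.seconds))
            responder.seal(src, ts)
            verdicts.append("drop")
        else:
            verdicts.append("pass")
    return security_log, verdicts


# Constructed sample traffic log: one host sweeps ten ports in under a second, then keeps trying.
SAMPLE_LOG = (
    ["t=%.1f proto=TCP src=203.0.113.7 dst=192.168.1.10 dport=%d" % (10.0 + i / 10, p)
     for i, p in enumerate([21, 22, 23, 25, 53, 80, 110, 135, 139, 443])]
    + [
        "t=11.0 proto=TCP src=198.51.100.5 dst=192.168.1.10 dport=443",   # unrelated host
        "t=11.5 proto=TCP src=203.0.113.7 dst=192.168.1.10 dport=8080",   # scanner, while sealed
        "t=700.0 proto=TCP src=203.0.113.7 dst=192.168.1.10 dport=8080",  # scanner, seal expired
    ]
)


def demo():
    return process(SAMPLE_LOG, PortScanDetector(threshold=10, window=5.0), ActiveResponse(seconds=600))


if __name__ == "__main__":
    log, verdicts = demo()
    print(log)        # one Security-log entry naming 203.0.113.7
    print(verdicts)   # 9 x 'pass', then 'drop', 'pass', 'drop', 'pass'
```

Note that the first nine probes pass through to the ordinary rules before the threshold is reached, which is why the page stresses that ports are blocked dynamically even when detection is off; the seal only adds a blanket drop for the attacking source, and it lapses automatically once the Seconds value has elapsed.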
Pre-Start
Pre-Start prevents any traffic from entering or leaving your computer during the interval between the time the computer turns on and the time the Distributed Security Client is launched. That interval is a small security hole in which unauthorized communication could take place; enabling Pre-Start prevents Trojan horses or other unauthorized applications from communicating with other computers before the client is running. Initial DHCP and NetBIOS traffic is still permitted so that the computer can obtain an IP address and log on to a domain.
NetBIOS Protection
NetBIOS Protection blocks NetBIOS communication from computers located outside your subnet range. A subnet is a group of computers that connect through the same gateway. If your computer is on an office network, the other computers in your office are most likely on your subnet. If you connect to the Internet through an ISP, your subnet may be very large, so computers you do not know may fall inside the permitted range. NetBIOS traffic is blocked on UDP ports 88 and 137 and on TCP ports 135, 139, 445, and 1026.
Advanced Rules
The Advanced Rules page allows you to create and manage firewall filter rules.
Creating a Rule
To create a firewall filter rule, you must first specify the kind of traffic that should be affected by the rule. There are several different characteristics of traffic, each of which you can use to specify the kind of traffic that you want to control.
Note: You can create a maximum of 32 advanced rules for the Local policy as well as the Distributed policy from the Policy Editor.
To create a new rule, follow these steps:
1. Click New. The New Advanced Rule dialog box is displayed.
2. Enter a name for your rule in the Rule field. This is the name displayed in the Rules list.
3. Configure the following settings to specify the characteristics of the traffic.
- Action - Select Block to block the specified traffic or Allow to allow the specified traffic.
- Direction - Select one of the traffic direction options: Inbound, Outbound, or Both.
- Protocol - Select the protocol the rule affects. You can select TCP, UDP, or ICMP.
- Details - Specify the port number(s) and IP address(es) the rule applies to. To enter a range, separate the first and last port numbers or IP addresses with a comma; for example, 59153, 59160 covers ports 59153 through 59160.
4. After specifying your rule settings, click OK.
5. Click Apply to save your changes.
Modifying Rules
To modify a rule, follow these steps:
1. Select the rule in the Rules list
2. Click Edit. The Edit Advanced Rule dialog box is displayed. This dialog box includes the same settings as the New Advanced Rule dialog box.
3. Modify any of the following settings to specify the characteristics of the traffic.
- Action - Select Block to block the specified traffic or Allow to allow the specified traffic.
- Direction - Select one of the traffic direction options: Inbound, Outbound, or Both.
- Protocol - Select the protocol the rule affects. You can select TCP, UDP, or ICMP.
- Details - Specify the port number(s) and IP address(es) the rule applies to. To enter a range, separate the first and last port numbers or IP addresses with a comma; for example, 59153, 59160 covers ports 59153 through 59160.
4. Click OK.
5. Click Apply.
Deleting a Rule
To delete a rule, select the rule in the Rules list, and then click the Delete button. Click Apply to save your changes.
Defining Rule Priority
Rules are evaluated from the top of the Rules list down, and the first rule that matches the traffic decides the action, so a rule takes precedence over every rule below it. To change the order, select a rule and click the Up or Down button.
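The following Python example is added to make two points from this page concrete: how the Details field syntax (a single value, or "first, last" for a range) and a first-match rule list behave, and how the NetBIOS Protection feature described earlier can be expressed as ordered Advanced Rules (allow the listed ports from the local subnet, then block them from anywhere else). It is illustrative code written for this page, not the client's implementation; the AdvancedRule and LocalPolicy classes, the packet dictionary, the "port means destination port, IP means remote address" convention and the Block default for unmatched traffic (mirroring Normal protection) are all assumptions of the example.

```python
import ipaddress

MAX_RULES = 32                               # limit stated on the page
ANY_IP = "0.0.0.0, 255.255.255.255"
ANY_PORT = "0, 65535"


def parse_range(text, kind):
    """Parse the Details field: one value, or 'first, last' for an inclusive range (e.g. '59153, 59160').
    kind is 'port' or 'ip'; returns (low, high) as integers."""
    parts = [p.strip() for p in text.split(",")]
    if len(parts) not in (1, 2):
        raise ValueError("expected 'value' or 'first, last', got %r" % text)
    to_int = int if kind == "port" else (lambda s: int(ipaddress.IPv4Address(s)))
    low, high = to_int(parts[0]), to_int(parts[-1])
    if low > high:
        raise ValueError("range is reversed: %r" % text)
    if kind == "port" and not (0 <= low and high <= 65535):
        raise ValueError("port out of range: %r" % text)
    return low, high


class AdvancedRule:
    """One row of the Rules list (hypothetical model written for this example)."""

    def __init__(self, name, action, direction, protocol, ports=ANY_PORT, ips=ANY_IP):
        if action not in ("Allow", "Block") or direction not in ("Inbound", "Outbound", "Both") \
                or protocol not in ("TCP", "UDP", "ICMP"):
            raise ValueError("bad rule settings for %s" % name)
        self.name, self.action, self.direction, self.protocol = name, action, direction, protocol
        self.ports = parse_range(ports, "port")
        self.ips = parse_range(ips, "ip")

    def matches(self, pkt):
        """pkt: dict with direction, protocol, port (destination port; 0 for ICMP) and remote_ip."""
        if self.direction != "Both" and self.direction != pkt["direction"]:
            return False
        if self.protocol != pkt["protocol"]:
            return False
        if not self.ports[0] <= pkt["port"] <= self.ports[1]:
            return False
        ip = int(ipaddress.IPv4Address(pkt["remote_ip"]))
        return self.ips[0] <= ip <= self.ips[1]


class LocalPolicy:
    """Ordered rule list; the first matching rule decides, as with the Rules list and its Up/Down buttons."""

    def __init__(self, rules, default="Block"):
        if len(rules) > MAX_RULES:
            raise ValueError("at most %d advanced rules" % MAX_RULES)
        self.rules, self.default = list(rules), default

    def move_up(self, name):
        i = next(i for i, r in enumerate(self.rules) if r.name == name)
        if i > 0:
            self.rules[i - 1], self.rules[i] = self.rules[i], self.rules[i - 1]

    def evaluate(self, pkt):
        for rule in self.rules:
            if rule.matches(pkt):
                return rule.action, rule.name
        return self.default, "(default)"


def netbios_protection_rules(subnet):
    """NetBIOS Protection as rules: allow the page's NetBIOS ports from the local subnet, block them
    from everywhere else. The allow rules must come first for the subnet exception to work."""
    net = ipaddress.IPv4Network(subnet)
    local = "%s, %s" % (net[0], net[-1])
    tcp, udp = (135, 139, 445, 1026), (88, 137)
    allow = [AdvancedRule("LAN TCP %d" % p, "Allow", "Inbound", "TCP", str(p), local) for p in tcp] + \
            [AdvancedRule("LAN UDP %d" % p, "Allow", "Inbound", "UDP", str(p), local) for p in udp]
    block = [AdvancedRule("NetBIOS TCP %d" % p, "Block", "Inbound", "TCP", str(p)) for p in tcp] + \
            [AdvancedRule("NetBIOS UDP %d" % p, "Block", "Inbound", "UDP", str(p)) for p in udp]
    return allow + block


def demo():
    """Evaluate constructed packets, then click Up on the WAN block rule until it is first
    to show that order alone changes the verdict. Returns a dict of results."""
    policy = LocalPolicy(netbios_protection_rules("192.168.1.0/24")
                         + [AdvancedRule("Outbound any", "Allow", "Outbound", "TCP")])
    lan_smb = {"direction": "Inbound", "protocol": "TCP", "port": 445, "remote_ip": "192.168.1.20"}
    wan_smb = dict(lan_smb, remote_ip="203.0.113.9")
    wan_web = {"direction": "Outbound", "protocol": "TCP", "port": 443, "remote_ip": "203.0.113.9"}
    wan_other = {"direction": "Inbound", "protocol": "TCP", "port": 8080, "remote_ip": "203.0.113.9"}
    before = [policy.evaluate(p) for p in (lan_smb, wan_smb, wan_web, wan_other)]
    while policy.rules[0].name != "NetBIOS TCP 445":
        policy.move_up("NetBIOS TCP 445")
    return {"before": before, "after_up": policy.evaluate(lan_smb)}


if __name__ == "__main__":
    print(demo())
```

With the allow rules above the block rules, SMB from 192.168.1.20 is allowed and the same traffic from 203.0.113.9 is blocked; once the block rule has been moved to the top, the subnet exception below it is never reached and the LAN host is blocked too. Each listed port needs its own rule here because a Details range such as 135, 445 would also cover every port in between.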
Application Rules
The Application Rules page allows you to configure security settings for each application on your application list by setting certain restrictions on which IPs and Ports an application can use.
Applications listed with a checkbox in the bottom section of the Application Rules page were discovered by the Distributed Security Client as running. By default these applications are allowed to run. To block any of them, select the checkbox next to the application, click the Block button to move the application(s) up to the Applications list, and then click Apply to save your changes.
Adding an Application
1. Click New. The New Application Rule dialog box is displayed.
2. Click the Browse button to locate the executable application file on your system.
3. Enter trusted IP addresses or IP ranges in the Trusted Host IP Address(es) field. These addresses become trusted for this application: traffic arriving from them is trusted when it belongs to the specified application.
4. Select Allow or Block from the Action menu to specify whether you want to allow or block the traffic for this application.
5. In the Local and Remote sections, enter the TCP and UDP ports or port ranges this application may use in the TCP Port and UDP Port fields.
6. After specifying your rule settings, click OK.
7. Click Apply to save your changes.
Modifying an Application Rule
To modify an application rule, follow the same steps as in Modifying Rules above: select the rule in the Applications list, click Edit, change the settings, click OK, and then click Apply to save your changes.
Deleting an Application Rule
To delete an application rule, select the application in the Applications list, and then click Delete. Click Apply to save your changes.
NetBIOS Settings
The NetBIOS Settings page displays the network interfaces on your computer recognized and protected by the Distributed Security Client. The SonicWall Virtual Adapter entry is the interface for the SonicWall Global VPN Client Enterprise application.
The NetBIOS Settings page allows you to enable or disable Windows Browse and Share networking services for each network interface. Check the Enable box to enable the service on the interface or unselect the Enable checkbox to disable the service.
Log Settings
The Log Settings page allows you to specify the maximum file size of the Security Log and the Traffic Log and the number of days to keep each log. The default Maximum log file size for each log is 512K and the default Days to keep is 30. To change a log setting, enter the new Maximum log file size and/or Days to keep value, and then click Apply.
Logs
In the Distributed Security Client, a log is a record of the traffic attempting to enter or exit your computer through your network connection. Logs are an important means of tracking your computer's activity and its interaction with other computers and networks. They are particularly useful for detecting potentially threatening activity aimed at your computer, such as port scanning.
To view these logs, click the Logs button on the Distributed Security Client window toolbar and select either Security or Traffic or choose View>Logs.
- The Security log records potentially threatening activity directed towards your computer, such as port scanning, or denial of service attacks. This log is probably the most important log file in the Distributed Security Client.
- The Traffic log records every packet of information that enters or leaves a port on your computer.
Source: Excerpted from Global Security Client (GSC) Administrator Guide