Main Menu
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
SonicWall
  • Products
    • Network Security
      • Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
      • Security ServicesComprehensive security for your network security solution
      • Network Security ManagerModern Security Management for today’s security landscape
    • Advanced Threat Protection
      • Capture ATPMulti-engine advanced threat detection
      • Capture Security applianceAdvanced Threat Protection for modern threat landscape
    • Access Security
      • Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
      • Secure Mobile AccessRemote, best-in-class, secure access
      • Wireless Access PointsEasy to manage, fast and secure Wi-FI
      • SwitchesHigh-speed network switching for business connectivity
    • Email Security
      • Email SecurityProtect against today’s advanced email threats
    • Cloud Security
      • Cloud App SecurityVisibility and security for Cloud Apps
      • Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
    • Endpoint Security
      • Capture ClientStop advanced threats and rollback the damage caused by malware
      • Content Filtering ClientControl access to unwanted and unsecure web content
    • Product Widgets
      • Product Menu Right Image
      • Capture Cloud Platform
        Capture Cloud Platform

        A security ecosystem to harness the power of the cloud

    • Button Widgets
      • Products A-Z
        all products A–Z FREE TRIALS
  • Solutions
    • Industries
      • Distributed Enterprises
      • Retail & Hospitality
      • K-12 Education
      • Higher Education
      • State & Local
      • Federal
      • Healthcare
      • Financial Services
      • Carriers
    • Use Cases
      • Secure SD-Branch
      • Zero Trust Security
      • Secure SD-WAN
      • Office 365 Security
      • SaaS Security
      • Secure WiFi
    • Solutions Widgets
      • Solutions Content Widgets
        Federal

        Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions

      • Solutions Image Widgets
  • Partners
    • SonicWall Partners
      • Partners Overview
      • Find a Partner
      • Authorized Distributors
      • Technology Partners
    • Partner Resources
      • Become a Partner
      • SonicWall University
      • Training & Certification
    • Partner Widgets
      • Custom HTML : Partners Content WIdgets
        Partner Portal

        Access to deal registration, MDF, sales and marketing tools, training and more

      • Partners Image Widgets
  • Support
    • Support
      • Support Portal
      • Knowledge Base
      • Technical Documentation
      • Community
      • Video Tutorials
      • Product Life Cycle Tables
      • Partner Enabled Services
      • Contact Support
    • Resources
      • Resource Center
      • Free Trials
      • Blog
      • SonicWall University
      • MySonicWall
    • Capture Labs
      • Capture Labs
      • Security Center
      • Security News
      • PSIRT
      • Application Catalog
    • Support Widget
      • Custom HTML : Support Content WIdgets
        Support Portal

        Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials

      • Support Image Widgets
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
  • Contact Sales
  • English English English en
  • BLOG
  • CONTACT SALES
  • FREE TRIALS
  • English English English en
SonicWall
  • Products
    • Network Security
      • Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
      • Security ServicesComprehensive security for your network security solution
      • Network Security ManagerModern Security Management for today’s security landscape
    • Advanced Threat Protection
      • Capture ATPMulti-engine advanced threat detection
      • Capture Security applianceAdvanced Threat Protection for modern threat landscape
    • Access Security
      • Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
      • Secure Mobile AccessRemote, best-in-class, secure access
      • Wireless Access PointsEasy to manage, fast and secure Wi-FI
      • SwitchesHigh-speed network switching for business connectivity
    • Email Security
      • Email SecurityProtect against today’s advanced email threats
    • Cloud Security
      • Cloud App SecurityVisibility and security for Cloud Apps
      • Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
    • Endpoint Security
      • Capture ClientStop advanced threats and rollback the damage caused by malware
      • Content Filtering ClientControl access to unwanted and unsecure web content
    • Product Widgets
      • Product Menu Right Image
      • Capture Cloud Platform
        Capture Cloud Platform

        A security ecosystem to harness the power of the cloud

    • Button Widgets
      • Products A-Z
        all products A–Z FREE TRIALS
  • Solutions
    • Industries
      • Distributed Enterprises
      • Retail & Hospitality
      • K-12 Education
      • Higher Education
      • State & Local
      • Federal
      • Healthcare
      • Financial Services
      • Carriers
    • Use Cases
      • Secure SD-Branch
      • Zero Trust Security
      • Secure SD-WAN
      • Office 365 Security
      • SaaS Security
      • Secure WiFi
    • Solutions Widgets
      • Solutions Content Widgets
        Federal

        Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions

      • Solutions Image Widgets
  • Partners
    • SonicWall Partners
      • Partners Overview
      • Find a Partner
      • Authorized Distributors
      • Technology Partners
    • Partner Resources
      • Become a Partner
      • SonicWall University
      • Training & Certification
    • Partner Widgets
      • Custom HTML : Partners Content WIdgets
        Partner Portal

        Access to deal registration, MDF, sales and marketing tools, training and more

      • Partners Image Widgets
  • Support
    • Support
      • Support Portal
      • Knowledge Base
      • Technical Documentation
      • Community
      • Video Tutorials
      • Product Life Cycle Tables
      • Partner Enabled Services
      • Contact Support
    • Resources
      • Resource Center
      • Free Trials
      • Blog
      • SonicWall University
      • MySonicWall
    • Capture Labs
      • Capture Labs
      • Security Center
      • Security News
      • PSIRT
      • Application Catalog
    • Support Widget
      • Custom HTML : Support Content WIdgets
        Support Portal

        Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials

      • Support Image Widgets
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
  • Contact Sales
  • Menu

Understanding Action Objects and how to add them

05/11/2020 0 People found this article helpful 88,311 Views

    Download
    Print
    Share
    • LinkedIn
    • Twitter
    • Facebook
    • Email
    • Copy URL The link has been copied to clipboard

    Description

    Action Objects define how the App Rules policy reacts to matching events. There are options to create a custom action object or select one of the predefined, default actions.

    Resolution

    There are a number of system-defined, default actions that are predefined by SonicOS. These default action objects cannot be edited or deleted. The default actions are displayed in the Edit App Rule Policy dialog when you add or edit policy from the Manage | Rules | App Rules page.

    Several BWM action object options are available in the predefined, default action list. The BWM action options change depending on the Bandwidth Management Typesetting on the Firewall Settings | Bandwidth Management page. If the Bandwidth Management Type is set to Global, all eight priorities are selectable. If the Bandwidth Management Type is set to Advanced, no priorities are selectable, but the predefined priorities are available when adding a policy.

    Several Bypass action options are available in the default action list. These are available if the indicated security services are licensed on the firewall.


    Predefined Default Action Availability:

    Always AvailableIf BWM Type = 
    GlobalAdvanced
    Reset / DropBWM Global-RealtimeAdvanced BWM Low
    No ActionBWM Global-HighestAdvanced BWM Medium
    Bypass DPIBWM Global-HighAdvanced BWM High
    Packet MonitorBWM Global-Medium High
    Bypass GAVBWM Global-Medium
    Bypass IPSBWM Global-Medium Low
    Bypass SPYBWM Global-Low
    Bypass Capture ATPBWM Global-Lowest


    Predefined Default Action Object Descriptions:

    Action TypeDescription
    Reset / DropFor TCP, the connection will be reset. For UDP, the packet will be dropped.
    No ActionPolicies can be specified without any action. This allows “log only” policy types.
    Bypass DPIBypasses Deep Packet Inspection components IPS, GAV, Anti-Spyware and application control. This action persists for the duration of the entire connection as soon as it is triggered. Special handling is applied to FTP control channels that are never bypassed for application control inspection. This action supports proper handling of the FTP data channel. Note that Bypass DPI does not stop filters that are enabled on the Firewall Settings > SSL Control page.
    Packet MonitorUse the SonicOS Packet Monitor capability to capture the inbound and outbound packets in the session, or if mirroring is configured, to copy the packets to another interface. The capture can be viewed and analyzed with Wireshark.
    BWM Global-RealtimeManages inbound and outbound bandwidth, can be configured for guaranteed bandwidth in varying amounts and maximum/burst bandwidth usage up to 100% of total available bandwidth, sets a priority of zero.
    BWM Global-HighestManages inbound and outbound bandwidth, can be configured for guaranteed bandwidth in varying amounts and maximum/burst bandwidth usage up to 100% of total available bandwidth, sets a priority of one.
    BWM Global-HighManages inbound and outbound bandwidth, can be configured for guaranteed bandwidth in varying amounts (default is 30%) and maximum/burst bandwidth usage up to 100% of total available bandwidth, sets a priority of two.
    BWM Global-Medium HighManages inbound and outbound bandwidth, can be configured for guaranteed bandwidth in varying amounts and maximum/burst bandwidth usage up to 100% of total available bandwidth, sets a priority of three.
    BWM Global-MediumManages inbound and outbound bandwidth, can be configured for guaranteed bandwidth in varying amounts (default is 50%) and maximum/burst bandwidth usage up to 100% of total available bandwidth, sets a priority of four.
    BWM Global-Medium LowManages inbound and outbound bandwidth, can be configured for guaranteed bandwidth in varying amounts and maximum/burst bandwidth usage up to 100% of total available bandwidth, sets a priority of five.
    BWM Global-LowManages inbound and outbound bandwidth, can be configured for guaranteed bandwidth in varying amounts (default is 20%) and maximum/burst bandwidth usage up to 100% of total available bandwidth, sets a priority of six.
    BWM Global-LowestManages inbound and outbound bandwidth, can be configured for guaranteed bandwidth in varying amounts and maximum/burst bandwidth usage up to 100% of total available bandwidth, sets a priority of seven.
    Bypass GAVBypasses Gateway Anti-Virus inspections of traffic matching the policy. This action persists for the duration of the entire connection as soon as it is triggered. Special handling is applied to FTP control channels that are never bypassed for application control inspection. This action supports proper handling of the FTP data channel.
    Bypass IPSBypasses Intrusion Prevention Service inspections of traffic matching the policy. This action persists for the duration of the entire connection as soon as it is triggered. Special handling is applied to FTP control channels that are never bypassed for application control inspection. This action supports proper handling of the FTP data channel.
    Bypass SPYBypasses Anti-Spyware inspections of traffic matching the policy. This action persists for the duration of the entire connection as soon as it is triggered. Special handling is applied to FTP control channels that are never bypassed for
    application control inspection. This action supports proper handling of the FTP data channel.
    Bypass Capture ATPProvides a way to skip Capture Advanced Threat Protection (ATP) analysis in specific cases when you know the file is free of malware. This action persists for the duration of the entire connection as soon as it is triggered. This option does not prevent other anti-threat components, such as GAV and Cloud Anti-Virus, from examining the file.


    Action Types for Custom Action Objects: 

    The Action types available for creating custom action objects are displayed in the Add/Edit Action Object dialog, which is displayed when you click Add at the top of the Manage | Objects | Action Objects page.

    Image

    NOTE: You can create custom action objects using the Action types available under Action Object Settings in the Add/Edit Action Object dialog. The default predefined action objects cannot be edited or deleted. When you create a policy, the Edit App Control Policy dialog provides a way for you to select from the predefined action objects along with any custom actions that you have defined.

    Action Types for Custom Action Objects:

    Action TypeDescription
    Block SMTP Email - Send Error ReplyBlocks SMTP email and notifies the sender with a customized error message.
    Disable Email Attachment - Add TextDisables attachment inside of an email and adds customized text.
    Email - Add TextAppends custom text at the end of the email.
    FTP Notification ReplySends text back to the client over the FTP control channel without terminating the connection.
    HTTP Block PageAllows a custom HTTP block page configuration with a choice of colors.
    HTTP RedirectProvides HTTP Redirect functionality. For example, if someone would like to redirect people to the Google Web site, the customizable part will look like: http://www.google.com If an HTTP Redirect is sent from Application Control to a browser that has a form open, the information in the form will be lost.
    Bandwidth ManagementAllows the definition of bandwidth management constraints with the same semantics as Access Rule BWM policy definition.


    A priority setting of zero is the highest priority. Guaranteed bandwidth for all levels of BWM combined must not exceed 100%.

    Actions Using Bandwidth Management:

    Application layer bandwidth management (BWM) allows you to create policies that regulate bandwidth consumption by specific file types within a protocol while allowing other file types to use unlimited bandwidth. This enables you to distinguish between desirable and undesirable traffic within the same protocol. Application layer bandwidth management is supported for all Application matches, as well as custom App Rules policies using HTTP client, HTTP Server, Custom, and FTP file transfer types.

    If the Bandwidth Management Type on the Firewall Settings > Bandwidth Management page is set to Global, application layer bandwidth management functionality is supported with eight predefined, default BWM priority levels, available when adding a policy from the Rules > App Rules page.

    All application bandwidth management is tied in with global bandwidth management, which is configured on the Manage | Firewall Settings | Bandwidth Management page.

    Image

    TIP: As a best practice, configure the global Bandwidth Management settings on the Firewall Settings | Bandwidth Management page should always be done before configuring any BWM policies.

    Add/Edit Action Objects Page with Bandwidth Management Type Global:

    Image

    NOTE: All priorities are displayed (Realtime - Lowest) regardless of whether they have been configured. Refer to the Firewall Settings > Bandwidth Management page to determine which priorities are enabled. If the Bandwidth Management Type is set to Global and you select a Bandwidth Priority that is not enabled, the traffic is automatically mapped to the level 4 priority (4 Medium).

    With Advanced mode of BWM, the Advanced BWM action objects can be edited from Manage | Objects > Bandwidth Objects tab.

    Bandwidth Management Methods:

    The Bandwidth Management feature can be implemented in two separate ways:

    Image

    1. Per Policy Method – The bandwidth limit specified in the policy is applied individually to each policy 

      EXAMPLE: Two policies each have an independent limit of 500kb/s, the total possible bandwidth between those two rules is 1000kb/s.

    2. Per Action Aggregate Method – The bandwidth limit action is applied (shared) across all policies to which it is applied.

      EXAMPLE: Two policies share a BWM limit of 500kb/s, limiting the total bandwidth between the two policies to 500kb/s.

    To configure an Action Object:

    1. In the MANAGE view, navigate to Policies | Objects > Action Objects.
    2. At the top of the page above the table, click Add.
      Image
    3. In the Add/Edit Action Object dialog, type a descriptive name in the Action Name field.
    4. In the Action drop-down menu, select the action type that you want.
    5. In the Content field, type the text or URL to be used in the action.
      Image
    6. If HTTP Block Page was selected as the action type, the options change.
      a) In the Content field, enter the content to be displayed when a page is blocked.

      b) From the Color drop-down menu, choose a background color for the block page: White, Yellow, Red, Blue
      c) To preview the block page message, click the Preview button.
      Image
    7. If Bandwidth Management was selected as the action type, the options change.
    8. Click OK

      NOTE: Action objects are used in conjunction with Match objects to create App rules. Please use the link Most Common Configurations For App Rules to look at the way these Match Objects can be used for specific scenarios.

    Related Articles

    • L2TP user to access the network across site to site vpn.
    • Global VPN Client slowing down the internet speed
    • App Control fails by schema error when editing VPN category

    Categories

    • Firewalls > NSa Series > Application Firewall
    • Firewalls > SonicWall NSA Series > Application Firewall
    • Firewalls > TZ Series > Application Firewall

    Not Finding Your Answers?

    ASK THE COMMUNITY

    Was This Article Helpful?

    YESNO

    Article Helpful Form

    Article Not Helpful Form

    Company
    • Careers
    • News
    • Leadership
    • Awards
    • Press Kit
    • Contact Us
    Popular resources
    • Communities
    • Blog
    • SonicWall Capture Labs

    Stay In Touch

    • By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement. You can unsubscribe at any time from the Preference Center.
    • This field is for validation purposes and should be left unchanged.
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
    • Instagram

    © 2022 SonicWall. All Rights Reserved.

    • Legal
    • Privacy
    • English
    Scroll to top
    Trace:bc25ceab620983726ed9b9f9e3bc8474-80