Various Objects present in a SonicWall UTM
05/11/2020
Most policies on the firewall are now object driven. These objects are the essential building blocks for configuring any type of policy, e.g., CFS policies, App Rules, App Control policies, and access rules. This KB describes the various objects present on any UTM, listed below:
- Match Objects
- Application List Objects
- Action Objects
- Address Objects
- Service Objects
- Bandwidth Objects
- Email Address Objects
- Content Filter Objects
- AWS Objects
- Dynamic External Objects
Match objects represent the set of conditions that must be matched for actions to take place. This includes the object type, the match type (exact, partial, regex, prefix, or suffix), the input representation (text or hexadecimal), and the actual content to match. Match objects were referred to as application objects in previous releases.
Hexadecimal input representation is used to match binary content such as executable files, while alphanumeric (text) input representation is used to match things like a file or email content. You can also use hexadecimal input representation for binary content found in a graphic image. Text input representation could be used to match the same graphic if it contains a certain string in one of its properties’ fields. Regular expressions (regex) are used to match a pattern rather than a specific string or value and use alphanumeric input representation.
The File Content match object type provides a way to match a pattern or keyword within a file. This type of match object can only be used with FTP Data Transfer, HTTP Server, or SMTP Client policies.
For more details and how to configure it, please use the link – Understanding Match Objects
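The match types and input representations described above can be modeled in a few lines. This is an added example, not SonicWall code: the class, field names and sample payloads are assumptions made for illustration, and comparison here is a plain case-sensitive byte comparison.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class MatchObject:
    # Illustrative model; field names are assumptions, not SonicOS identifiers.
    match_type: str   # exact | partial | prefix | suffix | regex
    input_repr: str   # "text" or "hex"
    content: str

    def pattern(self) -> bytes:
        if self.input_repr == "hex":
            return bytes.fromhex(self.content)  # ValueError on malformed hex
        if self.input_repr == "text":
            return self.content.encode("utf-8")
        raise ValueError(f"unknown input representation: {self.input_repr}")

    def matches(self, data: bytes) -> bool:
        if self.match_type == "regex":
            # Per the text above, regex uses alphanumeric (text) input.
            if self.input_repr != "text":
                raise ValueError("regex requires text input representation")
            return re.search(self.pattern(), data) is not None
        pat = self.pattern()
        checks = {
            "exact": lambda: data == pat,
            "partial": lambda: pat in data,
            "prefix": lambda: data.startswith(pat),
            "suffix": lambda: data.endswith(pat),
        }
        if self.match_type not in checks:
            raise ValueError(f"unknown match type: {self.match_type}")
        return checks[self.match_type]()

# Constructed samples: a truncated executable header and a line of email text.
SAMPLE_EXE = bytes.fromhex("4d5a9000") + b"\x00" * 8 + b"This program cannot be run in DOS mode"
SAMPLE_MAIL = b"Subject: payroll\r\n\r\nEmployee ID: 078-05-1120 (constructed)"

def evaluate_samples() -> dict:
    return {
        "hex_prefix_MZ": MatchObject("prefix", "hex", "4D5A").matches(SAMPLE_EXE),
        "hex_exact_MZ": MatchObject("exact", "hex", "4D5A").matches(SAMPLE_EXE),
        "text_partial": MatchObject("partial", "text", "DOS mode").matches(SAMPLE_EXE),
        "text_suffix": MatchObject("suffix", "text", "payroll").matches(SAMPLE_MAIL),
        "regex_id": MatchObject("regex", "text", r"\b\d{3}-\d{2}-\d{4}\b").matches(SAMPLE_MAIL),
    }

if __name__ == "__main__":
    for name, hit in evaluate_samples().items():
        print(f"{name}: {hit}")
```

The exact and suffix cases return no match on these samples, which shows why the match type matters as much as the content when a rule is expected to fire on a whole file or message.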
Application List Objects:
It is a type of Match Object with an added advantage of grouping applications based on category, threat level, and technology.
For more details and how to configure it, please use the link – Application List Objects
Action Objects define how the App Rules policy reacts to matching events. There are options to create a custom action object or select one of the predefined, default actions.
For more details and how to configure it, please use the link – Understanding Action Objects And How To Add Them
Address Objects are one of four object classes (address, user, service, and schedule) in SonicOS Enhanced. These address objects allow for entities to be defined one time, and to be re-used in multiple referential instances throughout the SonicOS interface.
For more details and how to configure it, please use the link – Understanding Address Objects In SonicOS
Services are used by the SonicWall security appliance to configure access rules for allowing or denying traffic to the network. The SonicWall security appliance includes predefined default service objects and default service groups. You can edit, but not delete, default service objects and default service groups.
For more details and how to configure it, please use the link – How Can I Configure Service Objects?
Bandwidth management configuration is based on policies that specify bandwidth limitations for traffic classes. A complete bandwidth management policy consists of two parts: a classifier and a bandwidth rule.
A classifier specifies the actual parameters, such as priority, guaranteed bandwidth, and maximum bandwidth, and is configured in a bandwidth object. Classifiers identify and organize packets into traffic classes by matching specific criteria.
For more details and how to configure it, please use the link – How To Create Bandwidth Object In SonicOS Enhanced 5.9 & Above?
Email Address Objects:
Application control allows the creation of custom email address lists as email address objects. You can only use email address objects with App Rules policies when the Policy Type is SMTP Client. Email address objects can represent individual users or the entire domain. You can also create an email address object that represents a group by adding a list of individual addresses to the object. This provides a way to easily include or exclude a group of users when creating an App Rules policy of type SMTP client.
For more details and how to configure it, please use the link – How To Configure Email Address Objects?
Content Filter Objects:
SonicWall Content Filtering Service (CFS) version 4.0 delivers content filtering enforcement for educational institutions, businesses, libraries, and government agencies. With content filter objects, you can control the websites students and employees can access using their IT-issued computers while behind the organization’s firewall.
We have CFS profile objects, CFS action objects, and URI lists and groups that together can be used in the CFS policy to control the websites allowed or blocked through the firewall.
For more details and how to configure it, please use the link – Content Filtering Service (CFS) 4.0 Overview
The AWS Objects page is used to map the IP addresses of EC2 Instances running in the AWS Cloud to address objects and address groups configured on the firewall. The Manage | Objects | AWS Objects page allows a SonicOS administrator to specify sets of EC2 Instance properties. If any of the Instances in one of the monitored regions matches a set of properties, address objects and address groups are created so that, effectively, an address group representing the Instance is added to the custom, pre-existing address group specified in the relevant mapping. This address group can be used in firewall policies, and those policies can thus shape the interaction with EC2 Instances running on AWS.
For more details and how to configure them, please use the link – AWS Integration With SonicWall (SonicOS 6.5.X)
Dynamic External Objects:
A Dynamic External Address Group is an Address Group whose members are dynamic. Dynamic External Address Objects are intermediate, internal objects that are dynamically created and placed under a Dynamic External Address Group when a Dynamic External Address Group file is downloaded. The Dynamic External Objects feature eliminates the need for manually modifying an Address Group to add or remove members.
For more details and how to configure them, please use the link – What Are Dynamic External Objects/Groups And How Can We Configure It?