Various Objects present in a SonicWall UTM
05/11/2020 
0 
3834
DESCRIPTION:
Most of the policies on the firewall are now object driven. These objects are essential building blocks to configure any type of policy E.g., CFS policy, App rules, App control policy, access rules etc. This KB includes details about the various objects present on any UTM as below:
- Match Objects
- Application List Objects
- Action Objects
- Address Objects
- Service Objects
- Bandwidth Objects
- Email Address Objects
- Content Filter Objects
- AWS Objects
- Dynamic External Objects
RESOLUTION:
Match Objects:
Match objects represent the set of conditions that must be matched for actions to take place. This includes the object type, the match type (exact, partial, regex, prefix, or suffix), the input representation (text or hexadecimal), and the actual content to match. Match objects were referred to as application objects in previous releases.
Hexadecimal input representation is used to match binary content such as executable files, while alphanumeric (text) input representation is used to match things like a file or email content. You can also use hexadecimal input representation for binary content found in a graphic image. Text input representation could be used to match the same graphic if it contains a certain string in one of its properties’ fields. Regular expressions (regex) are used to match a pattern rather than a specific string or value and use alphanumeric input representation.
The File Content match object type provides a way to match a pattern or keyword within a file. This type of match object can only be used with FTP Data Transfer, HTTP Server, or SMTP Client policies.
For more details and how to configure it, please use the link – Understanding Match Objects
Application List Objects:
It is a type of Match Object with an added advantage of grouping applications based on category, threat level, and technology.
For more details and how to configure it, please use the link – Application List Objects
Action Objects:
Action Objects define how the App Rules policy reacts to matching events. There are options to create a custom action object or select one of the predefined, default actions.
For more details and how to configure it, please use the link – Understanding Action Objects And How To Add Them
Address Objects:
Address Objects are one of four object classes (address, user, service, and schedule) in SonicOS Enhanced. These address objects allow for entities to be defined one time, and to be re-used in multiple referential instances throughout the SonicOS interface.
For more details and how to configure it, please use the link – Understanding Address Objects In SonicOS
Service Objects:
Services are used by the SonicWall security appliance to configure access rules for allowing or denying traffic to the network. The SonicWall security appliance includes predefined default service objects and default service groups. You can edit, but not delete, default service objects and default service groups.
For more details and how to configure it, please use the link – How Can I Configure Service Objects?
Bandwidth Objects:
Bandwidth management configuration is based on policies that specify bandwidth limitations for traffic classes. A complete bandwidth management policy consists of two parts: a classifier and a bandwidth rule.
A classifier specifies the actual parameters, such as priority, guaranteed bandwidth, and maximum bandwidth, and is configured in a bandwidth object. Classifiers identify and organize packets into traffic classes by matching specific criteria.
For more details and how to configure it, please use the link – How To Create Bandwidth Object In SonicOS Enhanced 5.9 & Above?
Email Address Objects:
Application control allows the creation of custom email address lists as email address objects. You can only use email address objects with App Rules policies when the Policy Type is SMTP Client. Email address objects can represent individual users or the entire domain. You can also create an email address object that represents a group by adding a list of individual addresses to the object. This provides a way to easily include or exclude a group of users when creating an App Rules policy of type SMTP client.
For more details and how to configure it, please use the link – How To Configure Email Address Objects?
Content Filter Objects:
SonicWall Content Filtering Service (CFS) version 4.0 delivers content filtering enforcement for educational institutions, businesses, libraries, and government agencies. With content filter objects, you can control the websites students and employees can access using their IT-issued computers while behind the organization’s firewall.
We have CFS profile objects, CFS action objects, and URI lists and groups that together can be used in the CFS policy to control the websites allowed or blocked through the firewall.
For more details and how to configure it, please use the link - Content Filtering Service (CFS) 4.0 Overview
AWS Objects:
The AWS Objects page is used to map the IP addresses of EC2 Instances running in the AWS Cloud with address objects and address groups configured on the firewall. The Manage | Objects | AWS Objects page allows a SonicOS administrator to specify sets of EC2 Instance properties. If any of the Instances in one of the monitored regions matches a set of properties, address objects and address groups are created so that, effectively an address group representing the Instance is added to the custom, pre-existing address group specified in the relevant mapping. This address group can be used in firewall policies and, thus, those policies can shape the interaction with EC2 Instances running on AWS.
For more details and how to configure them, please use the link – AWS Integration With SonicWall (SonicOS 6.5.X)
Dynamic External Objects:
A Dynamic External Address Group is an Address Group whose members are dynamic. Dynamic External Address Objects are intermediate, internal objects that are dynamically created and placed under a Dynamic External Address Group when a Dynamic External Address Group file is downloaded. The Dynamic External Objects feature eliminates the need for manually modifying an Address Group to add or remove members.
For more details and how to configure them, please use the link – What Are Dynamic External Objects/Groups And How Can We Configure It?
Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
Security ServicesComprehensive security for your network security solution
Network Security ManagerModern Security Management for today’s security landscape
Capture ATPMulti-engine advanced threat detection
Capture Security applianceAdvanced Threat Protection for modern threat landscape
Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
Secure Mobile AccessRemote, best-in-class, secure access
Wireless Access PointsEasy to manage, fast and secure Wi-FI
SwitchesHigh-speed network switching for business connectivity
Email SecurityProtect against today’s advanced email threats
Cloud App SecurityVisibility and security for Cloud Apps
Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
Capture ClientStop advanced threats and rollback the damage caused by malware
Content Filtering ClientControl access to unwanted and unsecure web content
