What is Stealth Mode?

03/26/2020 90 13840

DESCRIPTION:
What is Stealth Mode?

RESOLUTION:

Normally, when a connection is attempted to the SonicWall or a node behind it from the WAN or DMZ, the SonicWall sends a reset packet back to the client that initiated the connection then drops it. This is the correct behavior based on the IP protocol specifications. However, some users prefer that security devices not respond at all, as any response confirms that a device exists at the IP address to which the client tried to connect. If the security device does not respond, the result is as if the remote node is trying to connect to an IP address that is not assigned to anything. This is known as stealth mode.

By default, the SonicWall responds to any denied connection with a reset packet. The SonicWall can be configured to operate in stealth mode by selecting the option on the appropriate page:

• Firmware 6.X (and prior): on the Access > Services tab
• SonicOS Standard: on the Firewall | Access Rules | Advanced page
• SonicOS Enhanced: on the Firewall |  Advanced page
• SonicOS 6.5 : Navigate to the Manage Tab, navigate to Firewall Settings | Advanced Settings

If the SonicWall firewall appliance is running SonicOS Enhanced firmware, it is possible to enable stealth mode for specific access rules. When creating new access rules on the Firewall > Access Rules page, traffic may be blocked by specifying either the "deny" or "discard" action. Choosing the deny action means that a reset packet will be sent to the machine requesting the blocked traffic. Choosing the discard action means that no reset packet will be sent in response to blocked traffic. Instead, the firewall will act as though it were in stealth mode for the access rule in question.