SonicOS 7 Rules and Policies

Defining the Policy

After creating the match objects, you can define a policy that uses them. The image that follows shows the other policy settings. This example as shown is specific for reverse shells in both the Policy Name and the Direction settings. As mentioned, it might also be tailored for a wider scope with the Direction setting changed to Both and a more generic name.

A log entry with a Category of Network Access is generated after a connection Reset/Drop. Log Entry After a Connection Reset/Drop shows the log entry, including the message stating that it is an Application Control Alert and displaying the policy name:

Log Entry After a Connection Reset/Drop

As experience suggests, appropriate security measures would include several layers of intelligence, and no single approach can be considered a definitive defense against hostile code.

Was This Article Helpful?

Help us to improve our support portal

Techdocs Article Helpful form

Techdocs Article NOT Helpful form

  • Still can't find what you're looking for? Try our knowledge base or ask our community for more help.