App Rules lets you create custom policies that control specific aspects of traffic on your network. A policy is a set of match objects, properties, and specific prevention actions. To create a policy, you first create a match object, then select and optionally customize an action, and finally reference both when you create the policy.
In the POLICY | Rules and Policy > App Rules page, you can access the Add App Rule dialog by clicking +Add. The dialog options change depending on the Policy Type you select. For example, if SMTP Client is selected, the options are very different from a Policy Type of App Control Content.
Some examples of policies include:
- .exe and .vbs email attachments
- SonicWall Confidential, except from the CEO and CFO

When you create a policy, you select a policy type. Each policy type specifies the values or value types that are valid for the source, destination, match object type, and action fields in the policy. You can further define the policy to include or exclude specific users or groups, select a schedule, turn on logging, and specify the connection side as well as basic or advanced direction types. A basic direction type simply indicates inbound or outbound. An advanced direction type allows zone to zone direction configuration, such as from the LAN to the WAN.
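The following Python is an added example, not SonicWall code: it models what a policy of type SMTP Client with a File Extension match object has to evaluate for the .exe/.vbs attachment case, including filenames whose extension is hidden by case, a trailing dot, or RFC 2231 encoding. The sender exclusion list, the addresses and the sample messages are constructed assumptions.

```python
# Added illustration, not SonicWall code. Addresses and messages are constructed.
from email import message_from_string
from email.utils import parseaddr

BLOCKED_EXTENSIONS = (".exe", ".vbs")      # match object: File Extension
EXCLUDED_SENDERS = {"ceo@example.com"}     # hypothetical exclusion list

def sample(sender, filename_param):
    """Constructed message; filename_param is the raw Content-Disposition parameter."""
    return (
        f"From: {sender}\n"
        "To: partner@example.net\n"
        "Subject: constructed sample\n"
        "MIME-Version: 1.0\n"
        'Content-Type: multipart/mixed; boundary="b1"\n'
        "\n"
        "--b1\nContent-Type: text/plain\n\nhello\n"
        "--b1\nContent-Type: application/octet-stream\n"
        f"Content-Disposition: attachment; {filename_param}\n\nAAAA\n"
        "--b1--\n"
    )

def attachment_names(msg):
    """Return the decoded filename of every MIME part that declares one."""
    # get_filename() unquotes the value and decodes RFC 2231 percent-encoding,
    # so the comparison runs on the name the recipient's mail client would show.
    return [p.get_filename() for p in msg.walk() if p.get_filename()]

def is_blocked(name):
    # Case-insensitive; trailing dots and spaces are ignored because Windows
    # drops them when the file is saved ("run.vbs." is written as "run.vbs").
    return name.lower().rstrip(". ").endswith(BLOCKED_EXTENSIONS)

def evaluate(raw_message):
    """Return (action, matched_names) for one outgoing message."""
    msg = message_from_string(raw_message)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    hits = [n for n in attachment_names(msg) if is_blocked(n)]
    if not hits or sender in EXCLUDED_SENDERS:
        return ("No Action", hits)
    return ("Reset/Drop", hits)

if __name__ == "__main__":
    for s, f in [("Alice <alice@example.com>", 'filename="INVOICE.PDF.EXE"'),
                 ("alice@example.com", "filename*=UTF-8''update%2Evbs"),
                 ("CEO <ceo@example.com>", 'filename="tool.exe"')]:
        print(evaluate(sample(s, f)))
```

A match on the raw header text would miss the second sample, because the dot before `vbs` only appears after percent-decoding.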
The App rules: Policy types table describes the characteristics of the available App Rules policy types.
| Policy Type | Description | Valid Source Service / Default | Valid Destination Service / Default | Valid Match Object Type | Valid Action Type | Connection Side |
|---|---|---|---|---|---|---|
| App Control Content | Policy using dynamic App Rules related objects for any application layer protocol | Any / Any | Any / Any | Application Category List, Application List, Application Signature List | Reset/Drop, No Action, Bypass DPI, Packet Monitor, BWM Global-*, WAN BWM * | N/A |
| Custom Policy | Policy using custom objects for any application layer protocol; can be used to create IPS-style custom signatures | Any / Any | Any / Any | Custom Object | Reset/Drop, Bypass DPI, Packet Monitor, No Action, BWM Global-*, WAN BWM * | Client Side, Server Side, Both |
| FTP Client | Any FTP command transferred over the FTP control channel | Any / Any | FTP Control / FTP Control | FTP Command, FTP Command + Value, Custom Object | Reset/Drop, Bypass DPI, Packet Monitor, No Action | Client Side |
| FTP Client File Upload Request | An attempt to upload a file over FTP (STOR command) | Any / Any | FTP Control / FTP Control | File Name, File Extension | Reset/Drop, Bypass DPI, Packet Monitor, No Action, BWM Global-*, WAN BWM * | Client Side |
| FTP Client File Download Request | An attempt to download a file over FTP (RETR command) | Any / Any | FTP Control / FTP Control | File Name, File Extension | Reset/Drop, Bypass DPI, Packet Monitor, No Action, BWM Global-*, WAN BWM * | Client Side |
| FTP Data Transfer Policy | Data transferred over the FTP Data channel | Any / Any | Any / Any | File Content Object | Reset/Drop, Bypass DPI, Packet Monitor, No Action | Both |
| HTTP Client | Policy which is applicable to Web browser traffic or any HTTP request that originates on the client | Any / Any | Any / HTTP (configurable) | HTTP Host, HTTP Cookie, HTTP Referrer, HTTP Request Custom Header, HTTP URI Content, HTTP User Agent, Web Browser, File Name, File Extension, Custom Object | Reset/Drop, Bypass DPI, Packet Monitor, No Action, BWM Global-*, WAN BWM * | Client Side |
| HTTP Server | Response originated by an HTTP Server | Any / HTTP (configurable) | Any / Any | ActiveX Class ID, HTTP Set Cookie, HTTP Response, File Content Object, Custom Header, Custom Object | Reset/Drop, Bypass DPI, Packet Monitor, No Action, BWM Global-*, WAN BWM * | Server Side |
| IPS Content | Policy using dynamic Intrusion Prevention related objects for any application layer protocol | N/A | N/A | IPS Signature Category List, IPS Signature List | Reset/Drop, Bypass DPI, Packet Monitor, No Action, BWM Global-*, WAN BWM * | N/A |
| POP3 Client | Policy to inspect traffic generated by a POP3 client; typically useful for a POP3 server admin | Any / Any | POP3 (Retrieve Email) / POP3 (Retrieve Email) | Custom Object | Reset/Drop, Bypass DPI, Packet Monitor, No Action | Client Side |
| POP3 Server | Policy to inspect email downloaded from a POP3 server to a POP3 client; used for email filtering | POP3 (Retrieve Email) / POP3 (Retrieve Email) | Any / Any | Email Body, Email CC, Email From, Email To, Email Subject, File Name, File Extension, MIME Custom Header | Reset/Drop, Disable E-Mail Attachment - Add Text, Bypass DPI, No Action | Server Side |
| SMTP Client | Policy applies to SMTP traffic that originates on the client | Any / Any | SMTP (Send Email) / SMTP (Send Email) | Email Body, Email CC, Email From, Email To, Email Size, Email Subject, Custom Object, File Content, File Name, File Extension, MIME Custom Header | Reset/Drop, Block SMTP E-Mail Without Reply, Bypass DPI, Packet Monitor, No Action | Client Side |