User's Manual
User Management
669
SonicOS Enhanced 4.0 Administrator Guide
Configuring Firewall Access Rules
Firewall access rules provide the administrator with the ability to control user access. Rules set
under Firewall > Access Rules are checked against the user group memberships returned
from a SSO LDAP query, and are applied automatically. Access rules are network management
tools that allow you to define inbound and outbound access policy, configure user
authentication, and enable remote management of the SonicWALL security appliance. The
SonicOS Firewall > Access Rules page provides a sortable access rule management
interface. The subsequent sections provide high-level overviews on configuring access rules
by zones and configuring bandwidth management using access rules.
Note More specific policy rules should be given higher priority than general policy rules. The
general specificity hierarchy is source, destination, service. User identification elements, for
example, user name and corresponding group permissions, are not included in defining the
specificity of a policy rule.
By default, SonicWALL security appliance’s stateful packet inspection allows all communication
from the LAN to the Internet, and blocks all traffic to the LAN from the Internet.
Additional network access rules can be defined to extend or override the default access rules.
For example, access rules can be created that block certain types of traffic such as IRC from
the LAN to the WAN, or allow certain types of traffic, such as Lotus Notes database
synchronization, from specific hosts on the Internet to specific hosts on the LAN, or restrict use
of certain protocols such as Telnet to authorized users on the LAN.
Note The ability to define network access rules is a powerful tool. Using custom access rules can
disable firewall protection or block all access to the Internet. Use caution when creating or
deleting network access rules.
For detailed information about the Firewall > Access Rules page, refer to the SonicOS
Enhanced 4.0 Administrator’s Guide.
Viewing User Status
The Users > Status page displays Active User Sessions on the SonicWALL security
appliance. The table lists User Name, IP Address, Session Time, Time Remaining,
Inactivity Remaining, Settings, and Logout. For users authenticated using SonicWALL SSO
Agent, the message Auth. by SSO Agent will display.
To logout a user, click the trash can icon next to the user’s entry.
Note Changes in a user’s settings, configured under Users > Settings, will not be reflected during
that user’s current session; you must manually log the user out for changes to take effect.
The user will be transparently logged in again, with the changes reflected.
Configuring User Settings
The Users > Settings page provides the administrator with configuration options for user
session settings, global user settings, and acceptable use policy settings, in addition to SSO
and other user login settings.