10 SonicWall hacks guaranteed to save time and money

Feb 15, 2012

Some of our favorite SonicWall tips and tricks

As some of you may know, we began our venture into data protection in 2003 with our SonicWall partnership. We developed and delivered training programs that educated resellers and major clients in over 30 markets across North America. Here are some of our favorite SonicWall hacks that we thought you would enjoy.

SonicWall tip #1: Learn how to identify connections by country

Is a connection to an IP in a foreign country from your local neighborhood office or a branch site just a benign connection from somebody browsing on the Web, or is it botnet activity? You can use application intelligence as a powerful forensics tool to identify exactly what’s happening on your network.

View connections by country or create country-specific filters
1. Check which applications are connecting to IPs in other countries
2. See which users and which computers are connecting to IPs in other countries
3. Create filters to restrict traffic to countries specified by you, with exclusion lists

Once you know the answer to the question, you can talk to the user, inspect the machine with the offending IP address, or enable a packet capture utility on the firewall to analyze exactly what’s going over that connection. With application intelligence and control, you can identify and address problems that you might not have been aware of otherwise.
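The triage described in this tip, sketched as an added example (not SonicWall code and not from the original post): it groups connection records by destination country, skips an exclusion list, and reports which user, computer and application made each remaining connection. The log format, the country table built on documentation IP ranges, and all names are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed stand-in for a GeoIP database: documentation ranges with
# made-up country assignments. A real deployment would use a GeoIP feed.
GEO_TABLE = [
    (ipaddress.ip_network("192.0.2.0/24"), "US"),
    (ipaddress.ip_network("198.51.100.0/24"), "DE"),
    (ipaddress.ip_network("203.0.113.0/24"), "BR"),
]
ALLOWED_COUNTRIES = {"US"}                                  # assumed policy
EXCLUSIONS = [ipaddress.ip_network("198.51.100.10/32")]     # assumed known partner host

# Constructed connection log: user, computer, application, destination IP.
SAMPLE_LOG = """\
alice,10.1.1.20,HTTPS,192.0.2.15
bob,10.1.1.31,HTTPS,198.51.100.10
bob,10.1.1.31,IRC,203.0.113.77
carol,10.1.2.5,DNS,203.0.113.77
carol,10.1.2.5,HTTPS,198.51.100.99
"""

def country_of(ip):
    """Return the country code for an address, or '??' if it is unmapped."""
    for net, code in GEO_TABLE:
        if ip in net:
            return code
    return "??"

def flag_connections(log_text):
    """Group connections to non-allowed countries by country code."""
    flagged = defaultdict(list)
    for line in log_text.strip().splitlines():
        user, host, app, dst = line.split(",")
        ip = ipaddress.ip_address(dst)
        if any(ip in net for net in EXCLUSIONS):
            continue  # the exclusion list wins over the country filter
        code = country_of(ip)
        if code not in ALLOWED_COUNTRIES:
            flagged[code].append((user, host, app, dst))
    return dict(flagged)

if __name__ == "__main__":
    for code, rows in flag_connections(SAMPLE_LOG).items():
        print(code, rows)
```
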

SonicWall tip #2: How to Manage Bandwidth of Streaming Audio and Video, Easily

Access to streaming video from sites such as YouTube.com is sometimes useful, but is often abused. Blocking these sites might work, but a preferable approach is to limit the total bandwidth given to streaming video, regardless of where it comes from. This also applies to streaming audio sites such as online music radio stations and personalized music playlist sites. This traffic doesn’t necessarily need to come from well-known sites, but can also be hosted by blogs. Thus, the goal is to identify this traffic by what it is, rather than by its origin. Deep Packet Inspection excels at this process.

Create a policy to limit streaming audio and streaming video by predefined signature list

1. Select Streaming Video and Streaming Audio as application categories
2. Set the amount of bandwidth that you want to allocate to these application categories (e.g., 10%)
3. Create a rule that enforces Streaming Video and Streaming Audio to consume a maximum of 10% of bandwidth for everyone (perhaps excluding particular department groups, such as those in the training group)
4. Optionally, schedule the rule to be effective during standard business hours, but not during lunch hours or after 6 p.m.
5. Confirm the effectiveness of your new policy with real-time Visualization by logging into the Application Flow Monitor

SonicWall tip #3: How to Prevent Data Leaks over Web Mail like a BadAss

Now let’s assume your existing anti-spam protection can detect and block a normal outbound email that contains “Company Confidential” information. But what if an employee uses a Web Mail service, such as Yahoo or Gmail, to send out “Company Confidential” information?

One of our highly recommended Data Protection Services is to create a policy to block “Company Confidential” attachments in Web traffic

1. The Deep Packet Inspection (DPI) engine looks for “Company Confidential” on files transferred via HTTP or HTTPS
2. Block message and notify the sender that the message is “Company Confidential”

This can also be done for FTP-based content.

SonicWall tip #4: How to Prevent Data Leaks over Email 

In some companies, outbound email does not pass through their Email Security system, or that system does not check the content of email attachments. In either case, “Company Confidential” attachments can easily leave the organization. Since outbound network traffic goes through your firewall, you can detect and block this “data-in-motion” there for loss prevention.

Create a policy to block email attachments which contain the “Company Confidential” watermark

The Deep Packet Inspection (DPI) engine looks for:
1. Email Content = “Company Confidential” and
2. Email Content = “Company Proprietary” and
3. Email Content = “Private Proprietary”, etc.
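The watermark check from tips #3 and #4, as an added example (not SonicWall's DPI engine and not from the original post): it walks the MIME parts of an outbound message and matches the watermark phrases against each part's decoded content. The sample message, addresses and file name are constructed; the comparison with a raw byte search shows why the match has to run on decoded content, since attachments normally travel base64-encoded.

```python
import email
from email import policy
from email.message import EmailMessage

# Watermark phrases listed in the tip above.
WATERMARKS = ("Company Confidential", "Company Proprietary", "Private Proprietary")

def build_sample_message() -> bytes:
    """Constructed outbound message carrying a watermarked attachment."""
    msg = EmailMessage()
    msg["From"] = "user@example.com"
    msg["To"] = "someone@example.net"
    msg["Subject"] = "Q3 numbers"
    msg.set_content("See attached.")
    doc = b"Forecast draft\nCOMPANY CONFIDENTIAL - do not distribute\n"
    # Binary attachments are base64-encoded on the wire by default.
    msg.add_attachment(doc, maintype="application",
                       subtype="octet-stream", filename="forecast.txt")
    return msg.as_bytes()

def naive_match(raw: bytes) -> list[str]:
    """Search the wire bytes as-is; misses anything transfer-encoded."""
    low = raw.lower()
    return [w for w in WATERMARKS if w.lower().encode() in low]

def scan_message(raw: bytes) -> list[tuple[str, str]]:
    """Decode every MIME part, then match watermarks case-insensitively."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no content of their own
        payload = part.get_payload(decode=True) or b""
        text = payload.decode("utf-8", errors="replace").lower()
        name = part.get_filename() or "(body)"
        hits.extend((name, w) for w in WATERMARKS if w.lower() in text)
    return hits

if __name__ == "__main__":
    raw = build_sample_message()
    print("raw byte search:", naive_match(raw))
    print("decoded MIME scan:", scan_message(raw))
```
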

SonicWall tip #5: Block Viruses from Entering Your Network

Network security must be at the forefront of any IT administrator’s focus. The ability to prevent malware such as viruses, spyware, keyloggers, Trojans and intrusion attempts from entering the network at the gateway relieves the organization from great risk and spares potentially wasted resources.

Block viruses, spyware and other malware at the gateway before it has a chance to even enter your network!

SonicWall security services, running on the high-performance and ultra-low-latency architecture of SonicWall Next-Generation Firewalls, are capable of blocking millions of threats from entering the network, before they become a danger to your users. If your users connect an infected laptop to the network, SonicWall Next-Generation Firewalls are capable of blocking the propagation of that malware within the department and within the rest of the organization.

SonicWall tip #6: Manage Bandwidth for a Group of Users

What do you do if your CEO complains the business news videos that he wants to watch every morning are choppy and won’t play correctly? After investigation, you determine that it’s due to a company-wide bandwidth management policy that you implemented for all streaming video. You could ease off on the bandwidth restrictions for everyone, but now there is a better answer: group-based bandwidth management.

On your SonicWALL firewall create a policy to exclude the executive team from streaming video bandwidth management

1. Choose the executive group imported from your LDAP server
2. The Deep Packet Inspection (DPI) engine uses pre-defined streaming video application signatures from the application signature list
3. Apply bandwidth restriction to traffic with that header

SonicWall tip #7: Understanding Bandwidth: Visualize Your Application Traffic in Real-Time

What’s happening on my network? Who’s wasting my bandwidth? Why is my network so slow? Have you ever asked yourself any of these questions? You could use a combination of separate tools to try to get answers, but this process is time-consuming, and will only provide you with information after the fact. With SonicWall’s real-time visualization of application traffic, you can answer these questions instantly, quickly diagnose issues, detect out-of-compliance network usage, create appropriate policies and immediately see the effectiveness of these policies. Visualization provides administrators with instant feedback on network traffic flows.

View all traffic in real time by logging into the Application Flow Monitor

1. View real-time graphs of all application traffic
2. View real-time graphs of ingress and egress bandwidth
3. View real-time graphs of Web sites visited and all user activity
4. Create your own filtering that gives you the most relevant information

SonicWall tip #8: Can Your Firewall Control Unproductive Components of Applications?

Social networking applications such as Facebook, Twitter and YouTube have become new channels of communications for individuals and for companies. While it might be counterproductive to block all social networking applications, you may want to control how they can be used in the workplace.

For example, you may want to let marketing personnel update the company’s Facebook page, but not allow them to play Facebook games like Farmville or Mafia Wars. With application intelligence and control, you can create a policy to allow access to Facebook, but block Farmville.

It’s easy with a SonicWall firewall. Create a security policy to allow Facebook, but block Facebook games:

1. Select “All” users
2. Select Facebook games applications as a category
3. Create a single rule to “Block” all users from accessing games within Facebook

SonicWall tip #9: Can your Firewall Block Peer-to-Peer Applications?

Unproductive peer-to-peer (P2P) applications such as BitTorrent are often used to download unlicensed versions of copyrighted media, and can quickly consume bandwidth or transmit malware. However, the creation of new P2P applications, or simple changes (e.g., version numbers) to the existing P2P applications, happen all the time, so it is difficult to manually block any single P2P application.

SonicWall continuously updates the application intelligence and control database to add new P2P apps as soon as they are available. Now, you can simply create one policy to block all P2P apps going forward.

Create a policy to block the use of P2P applications

1. The Deep Packet Inspection (DPI) engine uses pre-defined P2P application signatures from the application signature list
2. Choose the P2P applications from the predefined signature list
3. Apply the policy to all users
4. Block P2P applications through bandwidth and time-based restrictions

SonicWall tip #10: Manage the Bandwidth for Critical Applications

Many mission-critical applications, such as Live Meeting, Salesforce.com and SharePoint, are cloud-based, or run across geographically dispersed networks. Ensuring these applications have priority over unproductive Web surfing improves business productivity.

Create a security policy to give bandwidth priority to the Live Meeting application

1. The Deep Packet Inspection (DPI) engine looks for the application signature or application name
2. Assign the Live Meeting application a higher bandwidth priority

Hope you enjoyed our SonicWall hacks. Still looking for more ways to protect your data and infrastructure? Check out our business continuity services.

Dale Shulmistra is a Business Continuity Specialist at Invenio IT, responsible for shaping the company’s technology initiatives -- selecting, designing, implementing & supporting business continuity solutions to bolster client operational efficiencies and eliminate downtime.