Great videos JP. One question. Some of my remote sites do not use active directory. I've setup the environment to use MAC-IP Filtering, is that the best way to make sure of the devices on the network that need access to the Network/Internet or is there a better way? This tends to work except for when a machine needs to get swapped out and I forget to make this change before the user starts complaining nothing works.
yeah, doing access rules based on IP addresses can cause those issues. you can always join them to AD through the VPN, that whould work. or you can use CFS (URL filtering) and force user that AD/SSO auth failed to authenticate manually to the firewall. I plan on doing a video on CFS soon. ill make sure to add it to the list of stuff to show/demo
We have several remote sites, we use a site to site vpn across the SonicWalls, for smaller sites, we use the Sonicwall NetExtender, works great with Active Directory
After creating outbound rules to allow HTTP, HTTPs, FTP and DNS (for DC) traffic and than monitoring traffic for last rule to determine if some users are accessing DNS, SSH, etc. is it a good idea to set "Deny" for that last rule so that users are ONLY able to access HTTP, HTTPS, FTP and DNS?
You don't really need to create a deny policy. if you only have the policies you mentioned and nothing else (no any-any policy) then anything that does not match a policy will be denied. If you prefer to create a deny policy for any ports and protocol, go for it. just make sure it's after the policies you mentioned.
Many tanks. Detailed and clear explinaitions. keep go on :)
Good Information!
Good tips!
Great videos JP. One question. Some of my remote sites do not use active directory. I've setup the environment to use MAC-IP Filtering, is that the best way to make sure of the devices on the network that need access to the Network/Internet or is there a better way? This tends to work except for when a machine needs to get swapped out and I forget to make this change before the user starts complaining nothing works.
yeah, doing access rules based on IP addresses can cause those issues. you can always join them to AD through the VPN, that whould work. or you can use CFS (URL filtering) and force user that AD/SSO auth failed to authenticate manually to the firewall. I plan on doing a video on CFS soon. ill make sure to add it to the list of stuff to show/demo
We have several remote sites, we use a site to site vpn across the SonicWalls, for smaller sites, we use the Sonicwall NetExtender, works great with Active Directory
After creating outbound rules to allow HTTP, HTTPs, FTP and DNS (for DC) traffic and than monitoring traffic for last rule to determine if some users are accessing DNS, SSH, etc. is it a good idea to set "Deny" for that last rule so that users are ONLY able to access HTTP, HTTPS, FTP and DNS?
You don't really need to create a deny policy. if you only have the policies you mentioned and nothing else (no any-any policy) then anything that does not match a policy will be denied.
If you prefer to create a deny policy for any ports and protocol, go for it. just make sure it's after the policies you mentioned.
Nice video do you have material about Sonicwall over O365 inbound emails?
Merci!
Yes please look in my videos, you will find one about cloud application security. And I use o365 de explain/demo it