What is a Rule Object? Rule Objects are created for Firewall Rules to specify which ports you want to open up for that particular Rule (See Firewall Rule Basics for more information). Rule Objects and the ability to create custom objects are located in the same place as Network Objects (in the GUI, under Network -> Objects). 


CREATING RULE OBJECTS


When creating a new Rule Object, click "Add Rule" and a new Window will appear where you can enter in all the specific details you require to open up your desired ports. By default, there should already be several "default" Rule Objects already created, representing the most common Protocols on the internet (HTTP, HTTPS, RDP, ICMP, DNS, SMTP, FTP, etc). All of these follow a particular naming scheme such as "Allow HTTPS" and "Allow RDP", etc. However, you are free to name your Rule Objects whatever you like. There are several fields you need to be aware of when creating a rule.

  • Rule Type - This indicates what kind of Rule Object you're creating. By default, "Packet" is the one you will use the most. See below for a more detailed explanation of what each one does.
  • Rule Label - The name of the Rule Object you're creating (e.g. Allow RFS)
  • Protocol - The protocol you're allowing. By default it is set to TCP, but can be changed by selecting another from the drop-down menu. 
  • Target - This indicates what you want to do with the traffic. By default, it is set to "ACCEPT", as in, to accept the target traffic. However, other options such as DROP can be selected (as in, you want to drop the target traffic from going out). 
  • Match1 - Match1 will have a standard "state" selected in it. We leave that as it is, as it is required for the Rule Object. 
  • Match2 - This is where you will specify the port you want to allow. From the drop-down menu select "multiport" and hit the [...] button on the left to specify which port. In the "Available Choice" section, change it from "src-port" to "dst-port" and enter a value. The "Value" will represent the port you are opening. For example, if it is RFS, you enter "8443". Click OK, then OK again to confirm the Rule.


The Rule should now appear in the list of Rule Objects along with the rest. You can now use it in creating Firewall Rules. 


WHAT IF I WANT TO ALLOW MULTIPLE PORTS?


If you want to allow more than one port in the one Rule Object, it can be done when selecting "multiport" in Step 6 above. When entering a target value, you can put in more than one port number separated by a comma (but no spaces in between). For example "8443,3389,80,443" (without quotes). Click "Add", then "OK", then "OK" again to confirm the rule. 


CAN I ALLOW A RANGE OF PORTS?


If you have a range of ports that you want to open up, that can also be done in the same place as mentioned above (Step 6). Ranges of ports are usually required for protocols such as UDP, but in some cases, TCP as well. Under the "multiport" match and the "Enter a Value" field, say you want to allow ports 1600 all the way to 1700. Enter in the values "1600:1700" (without quotes) The colon will denote the port range inclusive of the start and end ports. You can also allow multiple port ranges but separating them with a comma (without spaces). For example "1600:1700,1850:1923,15234:160230" (without quotes). Click "Add" then "OK" and then "OK" again to confirm the rule. 


HOW DO I KNOW WHICH RULE TYPE TO USE?


The different options of Rule Types can be quite confusing. By default, "Packet" is always selected and is more commonly used when creating Firewall Rules. However, there will times when you might need to use other Rule Types. 


  • Packet - A standard rule indicated in Green in the list of Rule Objects with the Target of "Accept", "Drop", "Encrypt", "Log", "Mark", and "Return". You will generally use this and keep the Target as "Accept" for creating rules that allow traffic to go from a Source to a Destination.
  • NAT - A rule indicated in Blue in the list of Rule Objects with the Targets of "DNAT", "DNAT_Return", "DNAT_Accept", "PAT", "REDIRECT", and "SNAT". You generally do not have to touch this one unless you're manually creating NATs for the purpose of Transparent Proxies, or Destination addresses on specific ports. 
  • QOS - A rule indicated in Pink with the target "CLASSIFY". The only time you would need to use this rule type is when creating Bandwidth Throttling Rules (See Setting Up QoS on Sonar for more information).
  • Account - A rule indicated in Yellow. This has the targets of "Account" or "Return". Generally only used if you want to perform custom packet accounting.
  • Conformance - A rule indicated in Orange. Generally used for more advanced features of Sonar and have the Targets of "Cluster IP", "Drop", "Log", "Mark", "Return", "Tarpit". Usually only used for sending Network Data to /dev/nul