{"id":1608,"date":"2025-10-26T21:35:28","date_gmt":"2025-10-26T21:35:28","guid":{"rendered":"https:\/\/www.ultrexstaff.com\/?p=1608"},"modified":"2025-10-26T21:35:30","modified_gmt":"2025-10-26T21:35:30","slug":"sonicwall-whitelisting-ip-address-in-firewall","status":"publish","type":"post","link":"https:\/\/www.ultrexstaff.com\/?p=1608","title":{"rendered":"SonicWall Whitelisting IP Address in Firewall"},"content":{"rendered":"\n

Hello Jim,<\/p>\n\n\n\n

I spoke with Andrae and during the call we discussed the allow rule needed to be created. He mentioned it would be a penetration test-like event from the internet needing inbound access, but despite there being no inbound access rules existing for CISA he mentioned there was never any reports of the tests not working in the past.<\/p>\n\n\n\n

We created address objects for the CISA IPs listed and then added them to a group. We then created an inbound access rule to allow those IPs in the group access any zone with any port\/service. There was no NAT policy created since it doesn’t seem like they need access to a specific device at a specific private IP.<\/p>\n\n\n\n

To create these address objects, in the top menu select Object<\/strong><\/p>\n\n\n\n

      On the left menu select Addresses<\/strong><\/p>\n\n\n\n

      Click Add<\/strong> towards the right side of the Addresses menu<\/strong><\/p>\n\n\n\n

      Put a unique name, because the IPs are on the internet select WAN zone,<\/strong> for the first IP select Host <\/strong>because it’s a \/32 (255.255.255.255)<\/p>\n\n\n\n

            For the other IPs, since they are a \/29 and \/28 network we chose Network <\/strong>and put the corresponding subnet masks under the network IP.<\/p>\n\n\n\n

      Click Save<\/strong><\/p>\n\n\n\n

\"\"\/<\/figure>\n\n\n\n

To create an address group, or add new objects to an existing group, click Address Groups <\/strong>at the top left of the Adress Object menu<\/p>\n\n\n\n

      To create a group Click Add<\/strong>, to edit an existing group search for the group name, hover over it and click the Pencil <\/strong>icon <\/strong>to edit<\/p>\n\n\n\n

      Search for the address objects you want to add on the left side by the unique name<\/p>\n\n\n\n

      Select each address object by clicking on each or holding down left click while dragging the cursor over the group of Address objects you wish to select<\/p>\n\n\n\n

      Click the right facing arrow<\/strong> in the middle to move the selected objects into the group<\/p>\n\n\n\n

      Click Save<\/strong><\/p>\n\n\n\n

\"\"\/<\/figure>\n\n\n\n

To create access rules, on the top menu navigate to Policy <\/strong>and on the left side menu select Access Rules<\/strong><\/p>\n\n\n\n

      Click the +Add <\/strong>option on the bottom left to bring up the screen below.<\/p>\n\n\n\n

      Since we created an inbound access rule from the internet, we selected WAN<\/strong> for the Source Zone<\/strong><\/p>\n\n\n\n

      For the Source Address we selected the group we created which contains the address objects we created.<\/p>\n\n\n\n

            This locks the rule down to only allow traffic with a source IP from the IP pool in the “G – CISA IPs” group<\/p>\n\n\n\n

      We left the Destination as Any to allow them open access to the network.<\/p>\n\n\n\n

\"\"\/<\/figure>\n\n\n\n
\"\"\/<\/figure>\n\n\n\n

As discussed, I’ll close this ticket for you now but if you have any questions in the future feel free to reach out anytime.<\/p>\n\n\n\n

Thank you and have a great rest of your day!<\/p>\n\n\n\n

Kind Regards,<\/p>\n\n\n\n

<\/td>Josh Littaua    <\/strong><\/td><\/tr>
Western NRG, Inc.  <\/strong>| <\/strong>Total Internet Security<\/strong><\/td><\/tr>
(805) 658-0800 <\/strong>|  Fax: (805) 465-8480<\/strong><\/td><\/tr>
j.littaua@westernnrg.com<\/a> <\/strong>| <\/strong>www.WesternNRG.com<\/strong><\/a><\/td><\/tr><\/tbody><\/table><\/figure>\n","protected":false},"excerpt":{"rendered":"

Hello Jim, I spoke with Andrae and during the call we discussed the allow rule needed to be created. He mentioned it would be a penetration test-like event from the internet needing inbound access, but despite there being no inbound access rules existing for CISA he mentioned there was never any reports of the tests […]<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[115],"tags":[],"class_list":["post-1608","post","type-post","status-publish","format-standard","hentry","category-sonicwall","post-preview"],"_links":{"self":[{"href":"https:\/\/www.ultrexstaff.com\/index.php?rest_route=\/wp\/v2\/posts\/1608","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ultrexstaff.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ultrexstaff.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ultrexstaff.com\/index.php?rest_route=\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ultrexstaff.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1608"}],"version-history":[{"count":1,"href":"https:\/\/www.ultrexstaff.com\/index.php?rest_route=\/wp\/v2\/posts\/1608\/revisions"}],"predecessor-version":[{"id":1609,"href":"https:\/\/www.ultrexstaff.com\/index.php?rest_route=\/wp\/v2\/posts\/1608\/revisions\/1609"}],"wp:attachment":[{"href":"https:\/\/www.ultrexstaff.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1608"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ultrexstaff.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1608"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ultrexstaff.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1608"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}