Rules Display - GUI

As described in another post, we are trying to develop a process to easily export a list of firewall rules from multiple firewalls. In trying to find a good way to achieve this on a regular basis, I've found some things in the log display that could work better:

  • When you add Time Created and/or Time Updated columns, and try to sort by either of them, the triangle indicating which way the sort is going changes, but the sort doesn't change.
  • Is there a way to permanently add those columns, so they don't need to be checked every time you go to look at the rules?
  • What's the purpose of the rule "#"? The number isn't actually associated with the rules, which took me a while to figure out. Having a "#" in the table implies the number has something to do with the rule on that line. It would be valuable to have an actual rule number, that was consistent no matter how you sorted or filtered. If there's a purpose for this working the way it is, I'd love to know what it is.
  • In comparing the GUI with the TSR, does the Rule # in the TSR mean anything? Is it consistent when a new rule is created?

It would be great to have either a script to convert the TSR to csv, or an export like the log screen has.

Category: Firewall Management and Analytics

Answers

  • shultis Newbie ✭

    No takers on this one?

  • Larry All-Knowing Sage ✭✭✭✭

    Just for jollies while waiting for a webinar to begin, I added a new Access rule called "test" from Any to my Lab 2 network, and it ended up as #1 - which surprised me quite a bit. After deleting it, the "standard" DMZ to DMZ default rule became #1. Not sure if you should place any value in that particular field.

  • Micah SonicWall Employee

    Hey @Jaime I'm not sure about converting a TSR to CSV but do you think a JSON dump could help here via API?

    @micah - SonicWall's Self-Service Sr. Manager

  • shultis Newbie ✭

    I spent some time with support on this one, with a somewhat frustrated support engineer trying to explain to me that the numbers in the # column of the GUI don't mean anything and change based on the search or display options:


    Other than helping you find where you are on the page, there's no value to these numbers. This confused the heck out of me before I realized they aren't associated with the rule, they're just line numbers for the table.

  • Hello @shultis and @Larry


    The web UI in SonicOS displays rule #s as a friendly tool. The numbers adjust based on which rules are being viewed, and on how they are filtered. For example, I have taken two images of rules (all) in which the total is 169 when viewing IPv4 + IPv6 items, and only 120 rules total when viewing IPv4 items only. 


    The rules are sorted alphabetically by the From Zone, then To Zone. This explains the behavior Larry reported, since a rule from Any zone would be first alphabetically, before the DMZ items.


    The TSR does have absolute rule numbers (see excerpt below), and you will find they are listed in that document in that order, which is totally unrelated to the web UI displays. I believe that most customers would rather have some sort of numbering in the UI even if it does not map to the actual rule numbering in the TSR. That way, two viewers of the UI could talk about "Rule #4" when looking at VPN to DMZ rules, for example.


    #Firewall : Access Rules_START
    Global TCP Inactivity Timeout (policies will be created with this by default): 15
    Global UDP Inactivity Timeout (policies will be created with this by default): 30
    Current size: 224
    Save count:  224
    Maximum lookup size: 19050
    Maximum total size: 19050
    Dynamic Size: 19050
    Rule 1 LAN -> LAN Allow Service Any -> BGP (Enabled)
        IP: Any -> All X24:V4000 Management IP Iface: Any (ffffffff) -> Any (ffffffff)
    Rule 2 LAN -> LAN Allow Service Any -> Ping (Enabled)
        IP: Any -> All X24:V4000 Management IP Iface: Any (ffffffff) -> Any (ffffffff)
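
A TSR-to-CSV conversion of the kind asked for in the original post, as an added example that is not part of the thread and not SonicWall tooling. It assumes every rule in the Access Rules section follows the two-line shape of the excerpt above and that the next line starting with "#" ends the section; the function and column names are made up for the example.

```python
import csv
import io
import re

# Constructed sample, taken from the TSR excerpt quoted in the thread.
SAMPLE_TSR = """\
#Firewall : Access Rules_START
Global TCP Inactivity Timeout (policies will be created with this by default): 15
Current size: 224
Rule 1 LAN -> LAN Allow Service Any -> BGP (Enabled)
    IP: Any -> All X24:V4000 Management IP Iface: Any (ffffffff) -> Any (ffffffff)
Rule 2 LAN -> LAN Allow Service Any -> Ping (Enabled)
    IP: Any -> All X24:V4000 Management IP Iface: Any (ffffffff) -> Any (ffffffff)
"""

START = "#Firewall : Access Rules_START"
# Line shapes inferred from the two rules in the excerpt (assumption).
RULE_RE = re.compile(r"^Rule (\d+) (.+?) -> (.+?) (\S+) Service (.+) \((\w+)\)$")
IP_RE = re.compile(r"^IP: (.+?) -> (.+?) Iface: (.+?) -> (.+)$")
# The "service" column keeps the "Any -> BGP" text verbatim.
FIELDS = ["rule", "from_zone", "to_zone", "action", "service", "state",
          "ip_src", "ip_dst", "iface_src", "iface_dst"]

def parse_access_rules(tsr_text):
    """Return one dict per rule found in the Access Rules section."""
    rules, in_section = [], False
    for raw in tsr_text.splitlines():
        line = raw.strip()
        if line == START:
            in_section = True
        elif in_section and line.startswith("#"):
            break  # assumed: the next '#' header ends the section
        elif in_section and (m := RULE_RE.match(line)):
            rules.append(dict(zip(FIELDS[:6], m.groups())))
        elif in_section and rules and (m := IP_RE.match(line)):
            rules[-1].update(zip(FIELDS[6:], m.groups()))
    return rules

def rules_to_csv(rules):
    """Serialise parsed rules to CSV text, one row per TSR rule number."""
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=FIELDS, restval="")
    writer.writeheader()
    writer.writerows(rules)
    return out.getvalue()

if __name__ == "__main__":
    print(rules_to_csv(parse_access_rules(SAMPLE_TSR)), end="")
```

The rows are keyed on the TSR rule number rather than the web UI "#" column, so two exports can be compared line by line.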

  • shultis Newbie ✭

    -- When you add Time Created and/or Time Updated columns, and try to sort by either of them, the triangle indicating which way the sort is going changes, but the sort doesn't change.

    Just in case someone wants a task for the next update:




  • Hello Shultis:

    This sort works in the latest MR version, SonicOS 6.5.4.6.8-79n, tested on TZ-500W, using MS Edge on Win10. See attached. The columns also are persistent. Once enabled, they appear on the far right of the rules display UI after I go to another screen and then return. All of the features in this web UI are saved as session cookies which are specific to browsers and also the IP address in the URL. I hope this helps. - John


  • Larry All-Knowing Sage ✭✭✭✭

    @John_Lasersohn, good to know and I'll assume that it works with Google Chrome because that's the code base for the new Edge.

    But the toggle does NOT work using Firefox 79.0 on a Soho250 W with 6.5.4.6-79n.

    FWIW...
