Firewalled subnets
djhurt1
Sorting through our SonicWall and learning a great deal. I've come across a group called "Firewalled subnets". It's a default group; however, it includes custom names inside the group. I have the feeling this is a very simple answer. What determines what gets included in this group? It appears to include all the zones. So if a new zone is created, is it automatically included in Firewalled Subnets?
Category: High End Firewalls
Best Answer
shiprasahu93 Moderator
Hello @djhurt1
Yes, you are right. Firewalled subnets include all the networks present behind the firewall. This includes LAN, DMZ, WLAN, or any custom zones added with security type as trusted, wireless, or public.
Basically this is useful when providing VPN access to all networks in scenarios where you have many networks in the firewall.
This is also useful while creating loopback NATs so that all internal networks can access the hosted servers using the public IP address.
Thanks!
Shipra Sahu
Technical Support Advisor, Premier Services
Answers
Hello @DJHURT1,
The Firewalled Subnets address group by default contains the address objects for the zones that are configured on the firewall interfaces. The firewall interface(s) may be active or inactive. The zones can be default zones such as LAN, WAN, DMZ, WLAN, etc., or any custom zones.
Hope this helps.
Regards
Saravanan V
Technical Support Advisor - Premier Services
Professional Services
Hi @djhurt1
I wouldn't rely on that Address Group if you have internally routed networks in your LAN zone behind a Core Switch etc.; these will not be part of the group.
I personally avoid any firewall-generated address objects (except Interface IP) to avoid any situations beyond my control; your mileage may vary.
--Michael@BWC
Excellent point Michael@BWC. I forgot to add that earlier. The Firewalled subnets only include the subnets configured on the firewall (Physical and VLAN sub-interfaces) and not the routed networks.
So, in scenarios where those networks are also required, they need to be manually added to a group along with Firewalled Subnets.
Thanks!
Shipra Sahu
Technical Support Advisor, Premier Services
@BWC
That is exactly what led me to ask the question. I wanted to know what gets added to this group since it appeared to be auto generated. Thank you.
Hi @DJHURT1,
We have a KB on this now.
Thanks for your feedback. Your feedback gave us a chance to present the KB. 🙂
Regards
Saravanan V
Technical Support Advisor - Premier Services
Professional Services
@Saravanan, that was pretty quick. Thank you for the article.
Thanks & Regards,
Poornima.T.R
This page says:
By default, the Firewalled Subnets address group doesn't contain any internally routed subnetworks via SonicWall firewall behind a Core Switch, Router, etc.
I understand that by default it is not added, but it can be. Obviously not manually, but how then?
Is there any setting where you can say: this is an internally firewalled route, add it to Firewalled Subnets?
Kind regards, Sebastijan
Hi @sv7874
I can't think of any option like this. If you have a chance, leave the pre-defined objects out of the equation and rely solely on your own custom objects.
Just create a "My Firewalled Subnets" address group and throw in everything you'd like to have, but I don't really like that approach because it might hold objects from different zones, which is no problem but not that clean.
As always, just my € .02
--Michael@BWC
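The gap discussed in this thread (interface subnets are in the auto-generated group, routed networks behind a core switch are not) can be audited offline before a VPN or loopback NAT policy is built on that group. The following is an added example, not part of the thread and not SonicWall code; the interface names, subnets and routes are constructed sample data, and it assumes you have exported your own interface and route tables into this shape.

```python
import ipaddress

# Constructed sample data, not taken from the thread.
# Subnets configured on internal firewall interfaces (physical and VLAN
# sub-interfaces): per the answers above, this is what the auto group holds.
INTERFACE_SUBNETS = {
    "X0": "192.168.10.0/24",
    "X0:V20": "192.168.20.0/24",
    "X2": "172.16.5.0/24",
}
# Static routes as (destination, egress interface, gateway).
STATIC_ROUTES = [
    ("10.20.0.0/16", "X0", "192.168.10.254"),         # behind a core switch
    ("10.30.4.0/24", "X0", "192.168.10.254"),         # behind a core switch
    ("192.168.20.128/25", "X0:V20", "192.168.20.1"),  # inside an interface subnet
    ("0.0.0.0/0", "X1", "203.0.113.1"),               # default route out the WAN
]


def auto_group(interface_subnets):
    """Networks the auto-generated group would contain (interface subnets only)."""
    return [ipaddress.ip_network(n) for n in interface_subnets.values()]


def uncovered_routed_networks(interface_subnets, routes):
    """Routed destinations behind internal interfaces that the auto group misses."""
    group = auto_group(interface_subnets)
    missing = []
    for dest, egress, _gateway in routes:
        if egress not in interface_subnets:  # e.g. WAN routes are out of scope
            continue
        net = ipaddress.ip_network(dest)
        if not any(net.subnet_of(member) for member in group):
            missing.append(net)
    return sorted(missing)


def covers(group, host):
    """True if any network in the group contains the host address."""
    addr = ipaddress.ip_address(host)
    return any(addr in net for net in group)


if __name__ == "__main__":
    missing = uncovered_routed_networks(INTERFACE_SUBNETS, STATIC_ROUTES)
    custom = auto_group(INTERFACE_SUBNETS) + missing
    print("add manually:", [str(n) for n in missing])
    print("auto group matches 10.20.1.5:", covers(auto_group(INTERFACE_SUBNETS), "10.20.1.5"))
    print("custom group matches 10.20.1.5:", covers(custom, "10.20.1.5"))
```

The networks it reports are the ones that would have to be added by hand to a custom group alongside the interface subnets.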