Network > Address Objects
SonicOS Enhanced 4.0 Administrator Guide
Step 2 – Create the Firewall Access Rule
• From the Firewall > Access Rules page, LAN->WAN Zone intersection, Add an Access
Rule as follows:
Note: Rather than specifying ‘LAN Subnets’ as the source, a more specific source could be
specified, as appropriate, so that only certain hosts are denied access to the targets.
• When a host behind the firewall attempts to resolve moosifer.dyndns.org using a
sanctioned DNS server, the IP address(es) returned in the query response will be
dynamically added to the FQDN AO.
• Any protocol access to target hosts within that FQDN will be blocked, and the access
attempt will be logged:
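The behaviour in the note and bullets above, modelled as an added example (not SonicOS code or output). The class and function names, the resolver addresses and all IP addresses are constructed, and the model assumes that only responses from the sanctioned server populate the object.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class FqdnDenyRule:
    """Toy model of a LAN->WAN deny rule whose destination is an FQDN address object."""
    fqdn: str                  # name held by the FQDN address object
    source: str                # rule source: the LAN subnet or a narrower range
    sanctioned_dns: frozenset  # resolvers whose responses are learned from (assumption)
    resolved: set = field(default_factory=set)  # IPs currently in the object
    log: list = field(default_factory=list)

    def on_dns_response(self, server, qname, answers):
        """Add answer IPs to the object when a sanctioned server answers for the FQDN."""
        if server in self.sanctioned_dns and qname.rstrip(".").lower() == self.fqdn:
            self.resolved.update(ipaddress.ip_address(a) for a in answers)

    def check(self, src, dst):
        """Return 'deny' and log when src is in the rule source and dst is in the object."""
        in_source = ipaddress.ip_address(src) in ipaddress.ip_network(self.source)
        if in_source and ipaddress.ip_address(dst) in self.resolved:
            self.log.append(f"DENY {src} -> {dst} ({self.fqdn})")
            return "deny"
        return "allow"

def demo(source="192.168.168.0/24"):
    # All addresses are constructed sample values (private and documentation ranges).
    rule = FqdnDenyRule("moosifer.dyndns.org", source, frozenset({"192.0.2.53"}))
    results = {}
    # 1. Nothing has been resolved yet: the object is empty, so the rule cannot match.
    results["before_lookup"] = rule.check("192.168.168.10", "203.0.113.7")
    # 2. A response from a server outside the sanctioned set is not learned from.
    rule.on_dns_response("198.51.100.1", "moosifer.dyndns.org", ["203.0.113.7"])
    results["other_resolver"] = rule.check("192.168.168.10", "203.0.113.7")
    # 3. The sanctioned server answers: every returned address joins the object.
    rule.on_dns_response("192.0.2.53", "Moosifer.DynDNS.org.",
                         ["203.0.113.7", "203.0.113.8"])
    results["after_lookup"] = rule.check("192.168.168.10", "203.0.113.8")
    # 4. A second LAN host: denied only if the rule source covers it (see the Note).
    results["other_source"] = rule.check("192.168.168.20", "203.0.113.7")
    return results, rule.log

if __name__ == "__main__":
    print(demo())                              # source = whole LAN subnet
    print(demo(source="192.168.168.10/32"))    # source narrowed to one host
```

When validating a rule like this on a real device, generate the DNS lookup from a client first; until a resolution has been observed there is nothing in the object for the rule to match.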
Using an Internal DNS Server for FQDN-based Access Rules
It is common for dynamically configured (DHCP) network environments to work in combination
with internal DNS servers for the purposes of dynamically registering internal hosts – a common
example of this is Microsoft’s DHCP and DNS services. Hosts on such networks can easily be
configured to dynamically update DNS records on an appropriately configured DNS server (for
example, see the Microsoft Knowledgebase article “How to configure DNS dynamic updates in
Windows Server 2003” at http://support.microsoft.com/kb/816592/en-us).