Networking/Firewall: Blocking NetBIOS on a Sonicwall firewall to help mitigate WannaCry Malware

Created: 8/13/2017

Updated: 8/14/2017

 

Hey guys,

Here is a write up on how to block NetBIOS in a Sonicwall firewall to help mitigate risk imposed by the WannaCry malware threat.

Ok peeps, so lets get started. Login into your Sonicwall and go to the Firewall section and click on the Service Objects sub-section and click on “Add”

 

 

Now you want to create 3 service rules, as shown below, for TCP 445, and 139 along with UDP 137-138.

 

After you create these 3 service rules, you will see them show up in the list like such:

 

While in Service Objects section, scroll to the top and click on the “Add” button for “Service Groups”, as shown below, and search for the 3 service rules you defined above and add them to a group you can remember for this NetBIOS block rule.

 

 

 

So now that we have create the Service Rules and the Service Groups, we can proceed to mapping them to the firewall rules.  Click on “Access Rules” under Firewall and press the “Add” button as shown below:

 

Create the following rule just like this below, make sure to click on “Deny” as the action:

 

 

This is what the rule should look like after it’s been applied to the Firewall.

This completes the steps on setting up how to block WannaCry on WAN connections coming into a LAN and helping to mitigate WannaCry attacks.