allowing only specific ports outbound

Hello,

I am looking for confirmation. We are migrating firewalls to NSAs. Currently all ports except for a select few are blocked. Since outbound is default to all ANY, is it simply adding a service group with allowed ports and changing the ANY to the group?

Thank you

Category: Mid Range Firewalls

Best Answer

  • BWC Cybersecurity Overlord ✭✭✭
    Accepted Answer

    @jtuckerchug specifying one or more access rules in your LAN->WAN ruleset that only allow specific services is what you want. Isn't that firewall 101? Everything that is not allowed will be dropped.

    --Michael@BWC

Answers

  • Bluray Newbie ✭

    It would be nice if SonicWall defaulted to any-->any drop like a proper firewall instead of their non-best-practice of using any-->any allow. Hoping they figure that out sooner rather than later. Then adding a rule comparable to your existing firewall would be trivial.

  • BWC Cybersecurity Overlord ✭✭✭

    Hi @Bluray, it depends on your Zone settings whether it is allowed or not by default.

    If you check your LAN Zone, for example, it automatically sets "Auto-generate Access Rules to allow traffic to zones with lower trust level", which is the Allow ALL to WAN rule you're concerned about (for a good reason).

    For that matter, whenever I configure any system, I disable ALL Auto-generate settings in each Zone to get full control.

    --Michael@BWC
