Rules and best practices

I will be doing my first project and would like to know what basic rules we need to configure first.
I know you need to create DNS, HTTP and HTTPS rules; what else do I need to set up initially?
Would you have a document with the best practices, how to create rules, names for standard rules, etc.?

Thank you very much in advance.
Tiago Toledo - tiago.toledo@h9e.com.br - toledotiago@gmail.com - +5511 98311-9506



This thread was automatically locked due to age.
  • Tiago,

    this is something that you should build on your own. Every organization has its own requirements. You should investigate what applications, servers and authentication your customer uses.

    You can use a template, filling it in according to your customer. For example, an Excel file with a few questions:

    • Which application do you want to allow?
    • Which web categories do you wish to allow or deny?
    • Do you host application servers? If yes, are they running Apache, IIS, Tomcat, etc.?
    • Would you like to use authentication on your firewall rules, in order to have per-user reports?
    • and more...

    First understand what features XG includes and then proceed with more questions.

    For DNS, you should use XG as the DNS server or DNS forwarder and not use external DNS, as best security advice.

    Regards

  • Hi  

    I understand, but I'd like to know how you do it: how to create rules in the best way, the order of rules, the naming pattern, and so on.

    I found the template you posted very good; I need this too. Would you have more templates like this one, with more questions, details, etc.? It would help me a lot.

    Thank you very much in advance.

    Regards,

    Tiago Toledo - tiago.toledo@h9e.com.br - toledotiago@gmail.com - +5511 98311-9506

  • Tiago,

    dealing with security, you should keep in mind "deny by default". The firewall processes rules from top to bottom, and if a single rule is matched, no other rules are checked/processed.

    Do not create a single rule with multiple ports, but try to be specific and clean in your firewall rules, so that you have a clean setup and managing/editing becomes simple.

    This is something you will learn with years and you cannot find best practices on the Internet. This is something like "how to properly drive a car". You have rules and indicators, but it is quite difficult to drive a car with no experience.
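
The top-down, first-match and deny-by-default behaviour described in the reply above can be checked offline before rules are deployed. The following is an added example, not part of the thread and not Sophos XG configuration or API: a simplified rule model that evaluates traffic against an ordered rule set and reports rules that can never be reached because an earlier, broader rule always matches first. The rule names, addresses and sample rule set are hypothetical.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    name: str
    action: str        # "allow" or "deny"
    src: str           # source network, CIDR
    dst: str           # destination network, CIDR
    proto: str         # "tcp", "udp" or "any"
    ports: frozenset   # destination ports; empty set means any port

    def matches(self, src, dst, proto, port):
        return (ip_address(src) in ip_network(self.src)
                and ip_address(dst) in ip_network(self.dst)
                and self.proto in ("any", proto)
                and (not self.ports or port in self.ports))

    def covers(self, other):
        """True if every packet matching `other` also matches this rule."""
        return (ip_network(other.src).subnet_of(ip_network(self.src))
                and ip_network(other.dst).subnet_of(ip_network(self.dst))
                and self.proto in ("any", other.proto)
                and (not self.ports
                     or (bool(other.ports) and other.ports <= self.ports)))

def evaluate(rules, src, dst, proto, port):
    """Top-down, first match wins; unmatched traffic is denied by default."""
    for rule in rules:
        if rule.matches(src, dst, proto, port):
            return rule.action, rule.name
    return "deny", "default-deny"

def shadowed(rules):
    """(earlier, later) pairs where the later rule can never be reached."""
    return [(a.name, b.name) for i, a in enumerate(rules)
            for b in rules[i + 1:] if a.covers(b)]

# Constructed sample rule set (hypothetical names, placeholder addresses).
ANY, LAN, FW = "0.0.0.0/0", "10.0.0.0/24", "10.0.0.1/32"
RULES = [
    Rule("LAN_DNS_to_fw", "allow", LAN, FW, "udp", frozenset({53})),
    Rule("LAN_HTTP_out", "allow", LAN, ANY, "tcp", frozenset({80})),
    Rule("LAN_HTTPS_out", "allow", LAN, ANY, "tcp", frozenset({443})),
    Rule("Kiosk_HTTPS_block", "deny", "10.0.0.50/32", ANY, "tcp", frozenset({443})),
]
if __name__ == "__main__":
    print(evaluate(RULES, "10.0.0.50", "203.0.113.10", "tcp", 443))
    print(shadowed(RULES))
```

In this sample the deny rule for the single host sits below the broader allow rule, so it never takes effect; moving it above `LAN_HTTPS_out` clears the shadowing report.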

  • I understood the message, but these tips were exactly what I needed; they helped a lot.

    If you have any more tips, please let me know. As you have enough experience, if you remember something that you would like to share, I'm sure many people will.

    Thank you.
