Firewall rules - best practices?

Hello to everybody!

I'm new to the Astaro/Sophos software, just got the final hardware a few days ago and now I'm testing or rather learning. So to say it clear: I am a bloody beginner... [:)]

First question: 
Given 3 interfaces LAN, WAN1, WAN2 (Backup) and as example the NNTP service (Usenet, Port 119).

What's the better / usual way:

1 rule: Any -> NNTP -> Any
or
2 rules: LAN -> NNTP -> Any and Any -> NNTP -> LAN ?

Wouldn't the Any-Any rule allow traffic between WAN1 and WAN2?


Thanks in advance!


Roland

PS: English isn't my mother tongue, so sorry for any misspelling or unclear wording!


  • You only have to create a rule allowing the outgoing traffic. Answering packets to this traffic are automatically allowed.

    There is also a network object called "Internet" (it resolves to all interfaces with default gateway).
    So it should suffice to create an Allow rule for Internal (Network) -> NNTP -> Internet

    ----------
    Sophos user, admin and reseller.
    Private Setup:

    • XG: HPE DL20 Gen9 (Core i3-7300, 8GB RAM, 120GB SSD) | XG 18.0 (Home License) with: Web Protection, Site-to-Site-VPN (IPSec, RED-Tunnel), Remote Access (SSL, HTML5)
    • UTM: 2 vCPUs, 2GB RAM, 50GB vHDD, 2 vNICs on vServer (KVM) | UTM 9.7 (Home License) with: Email Protection, Webserver Protection, RED-Tunnel (server)
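The three rule sets discussed in this thread (the single Any -> NNTP -> Any rule, the LAN/Any pair, and the recommended Internal -> NNTP -> Internet rule) can be compared with a small stateful packet-filter model. This is an added example written for this page, not code from Sophos or from the UTM; it assumes a simplified zone model in which "Internal" is the LAN interface, "Internet" is every interface that carries a default gateway, rules are first-match, and reply packets of an accepted flow are passed by a connection-tracking table. Interface names and the RFC 5737 addresses are constructed.

```python
"""Toy stateful packet filter comparing the NNTP rule sets from the thread."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

NNTP = 119

# Constructed topology (assumption): one internal interface and two uplinks,
# both with a default route, so both resolve to the "Internet" object.
DEFAULT_GATEWAY_IFACES = {"WAN1", "WAN2"}


@dataclass(frozen=True)
class Packet:
    src: str      # source IP
    sport: int    # source port
    dst: str      # destination IP
    dport: int    # destination port
    in_if: str    # interface the packet arrived on
    out_if: str   # interface chosen by the routing decision


@dataclass(frozen=True)
class Rule:
    src_zone: str         # "Any", "Internal", "Internet" or an interface name
    dport: Optional[int]  # None means any service
    dst_zone: str


def zone_matches(zone: str, iface: str) -> bool:
    """Resolve a rule's source/destination object against an interface."""
    if zone == "Any":
        return True
    if zone == "Internal":
        return iface == "LAN"
    if zone == "Internet":            # every interface with a default gateway
        return iface in DEFAULT_GATEWAY_IFACES
    return zone == iface              # a specific interface object


class StatefulFirewall:
    """First-match rule evaluation plus a minimal connection-tracking table."""

    def __init__(self, rules: List[Rule]):
        self.rules = list(rules)
        self.flows = set()  # (src, sport, dst, dport) of accepted new flows

    def decide(self, p: Packet) -> Tuple[str, str]:
        # Reply packets of an already-accepted flow pass without any rule,
        # which is why only the outgoing direction needs a rule.
        if (p.dst, p.dport, p.src, p.sport) in self.flows:
            return ("ACCEPT", "established")
        for r in self.rules:
            if (zone_matches(r.src_zone, p.in_if)
                    and zone_matches(r.dst_zone, p.out_if)
                    and (r.dport is None or r.dport == p.dport)):
                self.flows.add((p.src, p.sport, p.dst, p.dport))
                return ("ACCEPT", f"rule {r.src_zone}->{r.dport}->{r.dst_zone}")
        return ("DROP", "default")


# Constructed traffic samples: a LAN client reaching a news server, the
# server's reply, a transit packet between the two uplinks, and an
# unsolicited connection from outside to a LAN host.
CLIENT_TO_NEWS = Packet("192.168.1.10", 40000, "203.0.113.50", NNTP, "LAN", "WAN1")
NEWS_REPLY     = Packet("203.0.113.50", NNTP, "192.168.1.10", 40000, "WAN1", "LAN")
WAN1_TO_WAN2   = Packet("203.0.113.77", 40001, "198.51.100.9", NNTP, "WAN1", "WAN2")
INBOUND_TO_LAN = Packet("203.0.113.77", 40002, "192.168.1.10", NNTP, "WAN1", "LAN")


def evaluate(rules: List[Rule]) -> Dict[str, str]:
    """Return the verdict for each sample packet under the given rule set."""
    fw = StatefulFirewall(rules)
    samples = [("client_to_news", CLIENT_TO_NEWS), ("news_reply", NEWS_REPLY),
               ("wan1_to_wan2", WAN1_TO_WAN2), ("inbound_to_lan", INBOUND_TO_LAN)]
    return {name: fw.decide(p)[0] for name, p in samples}


ONE_RULE      = [Rule("Any", NNTP, "Any")]
TWO_RULES     = [Rule("LAN", NNTP, "Any"), Rule("Any", NNTP, "LAN")]
OUTBOUND_ONLY = [Rule("Internal", NNTP, "Internet")]

if __name__ == "__main__":
    for label, rules in [("Any->NNTP->Any", ONE_RULE),
                         ("LAN->Any + Any->LAN", TWO_RULES),
                         ("Internal->NNTP->Internet", OUTBOUND_ONLY)]:
        print(f"{label:26} {evaluate(rules)}")
```

Running it shows the point of the question and the answer: the single Any -> NNTP -> Any rule accepts the WAN1 -> WAN2 transit packet and the unsolicited inbound connection; the two-rule variant blocks the transit but still opens port 119 on the LAN from the outside; the outbound-only Internal -> NNTP -> Internet rule accepts the client's connection and its reply (via the flow table) while dropping both unwanted cases.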