10-12-2023 10:35 AM
I'm trying to understand the way the Firepower 2100 series blocks source and destination connections. If I have Russia source connections blocked and I open a Russian website from my internal network, will that website be displayed? In other words, is the firewall smart enough to know that any replies from that website are part of my original sourced connection and allow that particular traffic from Russia back in, or will it allow the URL request to be sent out but block any data coming back?
10-12-2023 11:08 AM
Hello @Eric Z,
If you block source connections from Russia but allow an internal user to access a Russian website, the initial request will be allowed to go out based on your rule. When the response comes back from the Russian website, the firewall will recognize it as part of the established connection and allow that traffic back into your network, as it's considered a valid response to the initiated connection.
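An added illustration, not from this thread and not Cisco's code, of the behavior the answer above describes: a toy stateful firewall in Python in which access control rules are evaluated only for the first packet of a connection, and every later packet of that flow, including the reply from the remote site, is matched against a connection table and allowed without a second rule lookup. It also covers the other way the question could be configured, a rule that blocks Russian destinations, where the request itself is dropped and so no reply is ever generated. The country table, rule syntax, packets and addresses are all constructed for this example and are not Firepower's data or API.

```python
"""Toy stateful firewall with country-based rules.

Added illustration only: the country table, rules and packets below are
constructed for this example and do not reflect Firepower internals.
"""
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple
import ipaddress

# Constructed geolocation table (fake mapping, for the example only).
GEO = {
    ipaddress.ip_network("203.0.113.0/24"): "RU",        # stands in for a Russian range
    ipaddress.ip_network("198.51.100.0/24"): "US",
    ipaddress.ip_network("10.0.0.0/8"): "INTERNAL",
}


def country(ip: str) -> str:
    """Map an address to a country code via the constructed table."""
    addr = ipaddress.ip_address(ip)
    for net, code in GEO.items():
        if addr in net:
            return code
    return "UNKNOWN"


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


@dataclass
class Rule:
    action: str                       # "allow" or "block"
    src_country: Optional[str] = None
    dst_country: Optional[str] = None

    def matches(self, p: Packet) -> bool:
        if self.src_country and country(p.src) != self.src_country:
            return False
        if self.dst_country and country(p.dst) != self.dst_country:
            return False
        return True


class StatefulFirewall:
    """Rules are consulted only for the first packet of a connection;
    later packets, including replies, are matched against the
    connection table and allowed without a second rule lookup."""

    def __init__(self, rules: List[Rule]):
        self.rules = rules
        self.conn_table: Set[Tuple] = set()

    @staticmethod
    def _key(p: Packet) -> Tuple:
        return (p.proto, p.src, p.sport, p.dst, p.dport)

    @staticmethod
    def _reverse_key(p: Packet) -> Tuple:
        return (p.proto, p.dst, p.dport, p.src, p.sport)

    def process(self, p: Packet) -> str:
        # Established connection (either direction): allow, no rule lookup.
        if self._key(p) in self.conn_table or self._reverse_key(p) in self.conn_table:
            return "allow"
        # New connection: first matching rule wins; allowed flows are recorded.
        for rule in self.rules:
            if rule.matches(p):
                if rule.action == "allow":
                    self.conn_table.add(self._key(p))
                return rule.action
        return "block"   # default deny


# Constructed packets: an internal client fetching a page from a "Russian" server,
# the server's reply, and an unrelated inbound SSH attempt from the same range.
REQUEST = Packet("10.1.1.5", 50000, "203.0.113.10", 443)
REPLY = Packet("203.0.113.10", 443, "10.1.1.5", 50000)
UNSOLICITED = Packet("203.0.113.99", 40000, "10.1.1.5", 22)


def scenario_block_inbound_from_ru() -> Tuple[str, str, str]:
    """Block connections sourced from RU, allow internal hosts outbound."""
    fw = StatefulFirewall([
        Rule("block", src_country="RU"),
        Rule("allow", src_country="INTERNAL"),
    ])
    return fw.process(REQUEST), fw.process(REPLY), fw.process(UNSOLICITED)


def scenario_block_outbound_to_ru() -> Tuple[str, str]:
    """Block connections destined to RU: the request never leaves, so the
    reply is never produced; even a forged one would fail the rule lookup."""
    fw = StatefulFirewall([
        Rule("block", dst_country="RU"),
        Rule("allow", src_country="INTERNAL"),
    ])
    return fw.process(REQUEST), fw.process(REPLY)


if __name__ == "__main__":
    print("block inbound from RU:", scenario_block_inbound_from_ru())   # ('allow', 'allow', 'block')
    print("block outbound to RU: ", scenario_block_outbound_to_ru())    # ('block', 'block')
```

The distinction the two scenarios make is the one to check on a real deployment: in the connection events for the flow, an outbound request to the site should appear as one connection matched by the allow rule, with the reply counted as part of that connection rather than as a new inbound connection evaluated against the geolocation block. If the site does not load, the rule to look for is one that names Russia as the destination of outbound traffic, since that is what drops the request before any reply exists.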
10-12-2023 11:22 AM
I don't think so.
10-12-2023 11:29 AM - edited 10-12-2023 11:31 AM
I've just tested with 2 different fw, and I have different behavior, lol.
Second effect: Even if the response from the Russian website is part of the established connection, it is not allowed back into the network because the source of the connection (my internal network) is blocked from communicating with Russian IPs. The firewall enforces the rule based on the source of the traffic.
10-13-2023 05:17 AM
Thank you for testing this out! I'm a little confused... You ran 2 tests with 2 differently configured fw (either firmware or firewalls?). The first effect I'm assuming is like what you described in your first response, but the second effect sounds like you had incoming and outgoing connections blocked? But if that was the case, then you wouldn't have gotten a response from the Russian site because they wouldn't have gotten your request to begin with. Just a little confused.
10-13-2023 05:26 AM
Consider the first answer.
Thanks.