Port 22 allowed by L7 Rule: Web and URL Filtering

Steytler
Level 1

I'm trying to understand this order of operation. Ports 22 and 3389 are being permitted by this line in my ACL and affecting traffic from the Outside zone to the Inside zone. I imagine there are others, but this is where I am testing at the moment.

Possible solutions:

  1. Add Zones to create a condition for the rule?

Many thanks,

Steytler

hcalderon
Level 1

Hello Steytler,

The first line permits all, not just 22 and 3389. Why not just deny tcp 22 and 3389 and, if you need to permit all, put that below the deny for ssh and 3389?

Steytler
Level 1

I was trying to understand why the traffic was passing through this rule. This is a matter of understanding the order of operation and reading a rule correctly. No zones [any interface] and no source or dest [any any], then the traffic is punted to Snort for inspection by those rule sets.

The expectation is that the traffic would make it to the Default policy of Block. And as I noodle through this with more of a fine-tooth comb, the traffic getting all the way to the L7 policy is making more sense.

Any other comments and thoughts greatly appreciated.
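An added illustration (not the poster's configuration and not Cisco code): a simplified top-down model of access control policy evaluation showing why a rule with any/any zones and networks plus only a URL/application condition catches Outside-to-Inside SSH and RDP flows before the default Block, and how an explicit deny above it or zone conditions change the outcome. Rule names, zones and sample flows are constructed assumptions, and real FTD/Snort processing has more steps than this model.

```python
from dataclasses import dataclass

@dataclass
class Rule:
    name: str
    action: str                                   # "allow" or "block"
    src_zones: frozenset = frozenset()            # empty = any zone
    dst_zones: frozenset = frozenset()
    dst_ports: frozenset = frozenset()            # (proto, port); empty = any
    l7: bool = False                              # carries a URL/app condition

@dataclass
class Flow:
    src_zone: str
    dst_zone: str
    proto: str
    dst_port: int

def matches_l4(rule: Rule, flow: Flow) -> bool:
    """Zone/port part of the rule; an empty set means 'any'."""
    return ((not rule.src_zones or flow.src_zone in rule.src_zones)
            and (not rule.dst_zones or flow.dst_zone in rule.dst_zones)
            and (not rule.dst_ports or (flow.proto, flow.dst_port) in rule.dst_ports))

def evaluate(policy: list, flow: Flow, default: str = "block") -> tuple:
    """Walk the rules top-down; the first L4 match decides. If that rule carries
    a URL/application condition the flow is handed to Snort for inspection
    (simplified model), so it never falls through to the default action on
    its L4 attributes alone."""
    for rule in policy:
        if matches_l4(rule, flow):
            return ("inspect" if rule.l7 else rule.action, rule.name)
    return (default, "default action")

# Constructed policies (assumptions, not the poster's real rule set).
ORIGINAL = [Rule("Web and URL Filtering", "allow", l7=True)]    # any/any + L7 only
HARDENED = [
    Rule("Deny mgmt from Outside", "block",
         src_zones=frozenset({"Outside"}), dst_zones=frozenset({"Inside"}),
         dst_ports=frozenset({("tcp", 22), ("tcp", 3389)})),
    Rule("Web and URL Filtering", "allow",
         src_zones=frozenset({"Inside"}), dst_zones=frozenset({"Outside"}), l7=True),
]

SSH_IN = Flow("Outside", "Inside", "tcp", 22)       # constructed sample flows
WEB_OUT = Flow("Inside", "Outside", "tcp", 443)

if __name__ == "__main__":
    for label, policy in (("original", ORIGINAL), ("hardened", HARDENED)):
        print(label, "ssh-in:", evaluate(policy, SSH_IN), "web-out:", evaluate(policy, WEB_OUT))
```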
