Port 22 allowed by L7 Rule: Web and URL Filtering
11-17-2022 01:59 PM
I'm trying to understand this order of operation. Port 22 and 3389 are being permitted by this line in my ACL and affecting traffic from the Outside zone to Inside zone. I imagine there are others, but this is where I am testing at the moment.
Possible solutions:
- Add Zones to create a condition for the rule?
Many thanks,
Steytler
Labels: NGFW Firewalls
11-17-2022 03:29 PM
Hello Steytler,
The first line permits all, not just 22 and 3389. Why not just deny TCP 22 and 3389, and if you need a permit all, put it below the deny for SSH and 3389?
11-18-2022 09:37 AM
I was trying to understand why the traffic was passing through this rule. This is a matter of understanding the order of operation and reading a rule correctly. With no zones [any interface] and no source or dest [any any], the traffic is then punted to Snort for inspection by those rule sets.
The expectation is that the traffic would make it to the Default policy of Block. And as I noodle through this with more of a fine-tooth comb, the traffic getting all the way to the L7 policy is making more sense.
Any other comments and thoughts greatly appreciated.
