11-17-2022 01:59 PM
I'm trying to understand this order of operation. Port 22 and 3389 are being permitted by this line in my ACL and affecting traffic from the Outside zone to Inside zone. I imagine there are others, but this is where I am testing at the moment.
Possible solutions:
Many thanks,
Steytler
11-17-2022 03:29 PM
Hello Steytler,
The first line permits all, not just 22 and 3389. Why not just deny TCP 22 and 3389, and if you need to permit all, put it below the deny for SSH and 3389?
11-18-2022 09:37 AM
I was trying to understand why the traffic was passing through this rule. This is a matter of understanding the order of operation and reading a rule correctly. No zones [any interface] and no source or dest [any any], then the traffic is punted to Snort for inspection by those rule sets.
The expectation is that the traffic would make it to the Default policy of Block. And as I noodle through this with more of a fine-tooth comb, the traffic getting all the way to the L7 policy is making more sense.
Any other comments and thoughts greatly appreciated.
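
The first-match behaviour discussed in this thread, as an added example that is not part of any poster's message and not Cisco's code: a simplified Python model of top-down rule evaluation showing why an any-zone, any-any rule catches Outside-to-Inside TCP 22 and 3389 before the default Block, and how placing a deny above it changes the result. Rule names, IP addresses and the zone-scoped variant are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Flow:
    src_zone: str
    dst_zone: str
    src_ip: str
    dst_ip: str
    dst_port: int

@dataclass(frozen=True)
class Rule:
    name: str                        # hypothetical rule name
    action: str                      # "allow" = handed on for inspection, "block" = dropped
    src_zone: Optional[str] = None   # None means "any"
    dst_zone: Optional[str] = None
    src_net: Optional[str] = None
    dst_net: Optional[str] = None
    dst_ports: Optional[frozenset] = None

    def matches(self, f: Flow) -> bool:
        def in_net(net, ip):
            return net is None or ipaddress.ip_address(ip) in ipaddress.ip_network(net)
        return (self.src_zone in (None, f.src_zone)
                and self.dst_zone in (None, f.dst_zone)
                and in_net(self.src_net, f.src_ip)
                and in_net(self.dst_net, f.dst_ip)
                and (self.dst_ports is None or f.dst_port in self.dst_ports))

def evaluate(rules, flow, default_action="block"):
    """Top-down, first match wins; the default applies only if no rule matched."""
    for rule in rules:
        if rule.matches(flow):
            return rule.name, rule.action
    return "default", default_action

ANY_ANY = Rule("any-any-inspect", "allow")            # no zones, no source or dest
ORIGINAL = [ANY_ANY]
REORDERED = [Rule("deny-ssh-rdp", "block", dst_ports=frozenset({22, 3389})), ANY_ANY]
SCOPED = [Rule("inside-out-inspect", "allow", src_zone="Inside", dst_zone="Outside")]

# Constructed sample flows from the Outside zone to the Inside zone.
SSH = Flow("Outside", "Inside", "203.0.113.10", "10.0.0.5", 22)
RDP = Flow("Outside", "Inside", "203.0.113.10", "10.0.0.5", 3389)
HTTPS = Flow("Outside", "Inside", "203.0.113.10", "10.0.0.5", 443)

if __name__ == "__main__":
    for label, policy in (("original", ORIGINAL), ("reordered", REORDERED), ("scoped", SCOPED)):
        for flow in (SSH, RDP, HTTPS):
            print(label, flow.dst_port, evaluate(policy, flow))
```
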