Changing implied_rules.def on locally managed SMBs

Document created by Günther W. Albrecht on Mar 26, 2018. Last modified by Günther W. Albrecht on Apr 10, 2018. Version 3.

This is an addition to "Locally managed SMBs .def files for VPN fine-tuning".

On the SMS, the file implied_rules.def contains the FireWall Implied Rules and is usually changed only through Dashboard Global properties... (see sk43401 "How to completely disable FireWall Implied Rules"). That SK is appropriate for centrally managed SMB appliances but makes no sense for locally managed SMBs, and sk92281 "Location of 'implied_rules.def' files on Security Management Server" is needed for all centrally managed GWs / SMB appliances.

On locally managed SMBs, implied_rules.def can be found in /pfrm2.0/config1/fw1/lib/ or /pfrm2.0/config2/fw1/lib/ and in /opt/fw1/lib/, where it can be edited. There are not many uses for this, though: on locally managed SMBs, sk26059 "Removing LDAP queries from the Implied Rules" and sk35292 "How to disable FW1_ica_services on port 18264" make sense (if really needed) and should be supported, as both cover "All" products.

sk31692 "RADIUS/SecurID packets are being picked up by an implied rule instead of being encrypted" and sk92262 "TACACS+ authentication packets are not encrypted" do not seem to be applicable.
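
Because implied_rules.def exists in several locations on a locally managed SMB and is edited by hand, it is worth recording a checksum and keeping a copy of every instance before changing anything. The shell function below is an added example, not part of the original document and not Check Point tooling; the ROOT prefix and the backup directory are hypothetical parameters, and it assumes at least one of sha256sum, md5sum or cksum is present on the appliance.

```shell
#!/bin/sh
# Added example: snapshot every copy of implied_rules.def before editing it.
# The three directories are the ones named in the article; ROOT is a
# hypothetical prefix so the function can be tried against a scratch tree.

IMPLIED_DIRS="/pfrm2.0/config1/fw1/lib /pfrm2.0/config2/fw1/lib /opt/fw1/lib"

# Pick the strongest checksum tool present (assumption: at least cksum exists).
pick_hasher() {
    for h in sha256sum md5sum cksum; do
        command -v "$h" >/dev/null 2>&1 && { echo "$h"; return 0; }
    done
    return 1
}

# snapshot_implied_rules ROOT BACKUP_DIR
# Prints "<hash>  <path>" per copy found, saves a timestamped backup of each,
# and returns 0 if all copies match, 1 if they differ, 2 if none was found.
snapshot_implied_rules() {
    root=$1; backup_dir=$2
    hasher=$(pick_hasher) || return 2
    stamp=$(date +%Y%m%d-%H%M%S)
    first=""; found=0; differ=0
    mkdir -p "$backup_dir" || return 2
    for d in $IMPLIED_DIRS; do
        f="$root$d/implied_rules.def"
        [ -f "$f" ] || continue
        found=$((found + 1))
        sum=$("$hasher" < "$f" | awk '{print $1}')
        echo "$sum  $f"
        # Flatten the directory into the backup name so copies do not collide.
        tag=$(echo "$d" | tr '/' '_')
        cp -p "$f" "$backup_dir/implied_rules.def$tag.$stamp" || return 2
        if [ -z "$first" ]; then first=$sum
        elif [ "$sum" != "$first" ]; then differ=1
        fi
    done
    [ "$found" -gt 0 ] || return 2
    return "$differ"
}
```

Called with an empty ROOT, the function reads the real paths. Running it again after the edit, into a second backup directory, gives a before/after record of the change.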
