Changing implied_rules.def on locally managed SMBs

Document created by Günther W. Albrecht on Mar 26, 2018. Last modified by Günther W. Albrecht on Aug 16, 2018.
Version 4

This is an addition to "Locally managed SMBs .def files for VPN fine-tuning".

The SMS file implied_rules.def contains the FireWall Implied Rules and is usually changed only through Dashboard Global Properties... (see sk43401, "How to completely disable FireWall Implied Rules"). That SK is appropriate for centrally managed SMB appliances but makes no sense for locally managed SMBs, and sk92281, "Location of 'implied_rules.def' files on Security Management Server", is needed for all centrally managed GWs / SMB appliances.

On locally managed SMBs, implied_rules.def can be found in /pfrm2.0/config1/fw1/lib/ or /pfrm2.0/config2/fw1/lib/, and in /opt/fw1/lib/, where it can be edited. But we cannot find many applications for this on locally managed SMBs: sk35292, "How to disable FW1_ica_services on port 18264", mentions locally managed SMBs as supported, and sk26059, "Removing LDAP queries from the Implied Rules", and sk31692, "RADIUS/SecurID packets are being picked up by an implied rule instead of being encrypted", are supported because "All" products are covered by the listed procedure.

Not applicable (as they are relevant for unsupported product versions only) are sk66030, "Connection to Security Gateway on TCP Port 80 and TCP Port 443 is accepted by Implied Rule 0", and sk92262, "TACACS+ authentication packets are not encrypted".
