topic Re: Are there any implied rules on SMB appliances and can I show them? in Spark Firewall (SMB)

Are there any implied rules on SMB appliances and can I show them?

sdellsperger — Thu, 07 Feb 2019 15:19:29 GMT

Hi guys,

We used to configure "standard rules" for gateways, something like this:

Source	Destination	Application	Service	Action
This GW	Internet	Any	NTP	allow
This GW	Internet	Any	DNS	allow
This GW	Internet	Any	ICMP	allow
This GW	Internet	Any	HTTP(S)	allow

The goal was to allow the gateway to set up connections for the update service, license service, etc.

Now I tried the connections withous these rules above and it worked without any problems.

I'd like to know:

Are there any implied rules on the SMB appliances, which allow the gateway to connect to the update service, get time updates, etc?

Are there any possibilities to display them?

Thank you.

Best Regards

Severin Dellsperger

HristoGrigorov — Fri, 21 Jun 2019 09:17:43 GMT

I suggest you take a look at this:

sdellsperger — Fri, 08 Feb 2019 09:02:32 GMT

This is what I searched for

Unfortunately I couldn't find any definition for NTP.

Does someone know, where to find the implied NTP rule?

HristoGrigorov — Fri, 08 Feb 2019 09:22:10 GMT

I checked how it is in centrally managed appliances and there is the following rule:

Perhaps there is similar one when locally managed, not explicitly for NTP?

G_W_Albrecht — Fri, 08 Feb 2019 10:41:54 GMT

NTP (UDP 123) is not listed explicitly in implied_rules.def - but if you look inside the file you will see rather complex macros that generate the implied rule base. Just as an addition, we also have this one here: sk119497: Implied rules are generated but not displayed in the Implied Rules view.

sdellsperger — Fri, 08 Feb 2019 10:53:51 GMT

Yes it could be, thanks for help

sdellsperger — Fri, 08 Feb 2019 10:56:21 GMT

Thanks for the info, as long as it works it's fine for me.