topic Re: rules in Spark Firewall (SMB)

rules management

Junior — Thu, 20 Jun 2019 12:02:06 GMT

Hello everyone ;

I have the SMB 1490, I publish here my rules of management to know if they are well written. also I would like to know if there is documentation for the 1490 for better grip.

thank.

grip. Thank you

Re: rules management

_Val_ — Fri, 21 Jun 2019 11:18:27 GMT

https://sc1.checkpoint.com/documents/R77.20.85/1400_Local_AdminGuide/html_frameset.htm

Re: rules management

PhoneBoy — Sun, 23 Jun 2019 20:38:38 GMT

Without knowing exactly what's connected to the different networks, I can't say for sure that's the best rulebase for you.
I usually end up dropping a few things on the local networks mostly to keep the logs reasonable (things like SMB).

rules

Junior — Wed, 26 Jun 2019 17:42:28 GMT

Good evening;

i have a web server in my dmz that needs to interact with a sql server database server in the LAN network. simple pages are accessible, but pages displaying data are not, because they are blocked by the firewall. how to write the rule for the web server then query the database located in the LAN.

thank

Re: rules

PhoneBoy — Wed, 26 Jun 2019 21:11:16 GMT

Hi, you created a new thread about the same environment.
I've merged it to this thread.
Also, hope that's not your actual public IP address in the diagram--you might want to consider updating the diagram.

Without knowing precisely how your web server is communicating with the database server, I can't tell you exactly what rules to create.
That said, the screenshot you provided of the rules suggests it should work.
However, allowing everything from DMZ to LAN is not recommended.
You should configure the specific IPs and protocols you wish to allow.

Actual screenshots of the relevant log messages you're seeing might be helpful.

Re: rules

Junior — Thu, 27 Jun 2019 09:30:09 GMT

HI,

to display a web page containing information from the database, the web server must connect to the sql server through the firewall. it uses port 1433 in tcp.

Re: rules

Junior — Mon, 01 Jul 2019 10:21:26 GMT

hello PhoneBoy,

I managed to configure a rule to allow the web server to connect to the sql server by following your advice.

Now give me your opinion; it is secure?

Re: rules management

Pedro_Espindola — Mon, 01 Jul 2019 17:21:48 GMT

Hello Junior,

Rules 3, 4 and 5 are bypassing the blocks at default rule 6.

You need to block other dangerous/ilegal categories above rule 3 - Directeur, or else he will be at risk.

I recommend adding a group blocking stuff like Child Abuse, Phishing, Malware, Spam, etc. at the top.

Re: rules management

Junior — Thu, 04 Jul 2019 14:45:13 GMT

thank pedro for your answer,

can you qive me an exemples please.