SMB Strict Mode

G_W_Albrecht — Mon, 05 Oct 2020 08:26:09 GMT

I would like to collect views about Strict Mode on SMB appliances. Who uses it for his customers ? What are the benefits ? What are the drawbacks ?

Re: SMB Strict Mode

G_W_Albrecht — Tue, 13 Oct 2020 10:29:17 GMT

What we know about Strict Mode limitations

- sk112858 ATRG: Gaia Embedded Appliances

Blocks all traffic, in all directions, by default. In this mode, your policy can only be defined through the Servers page and by manually defining access policy rules in the 'Access Policy > Firewall Policy page'.

- sk110749 Application Control does not work on Locally managed Embedded GAIA devices

If the FW blade is set to Strict:

The Autoconfigured Application Control rule will be placed bellow ANY allowed rules you manually created: You will need to manually add another Block rule for applications you want to block above the allow rule.

- sk117832 How to open "Kerberos" protocol between two local networks of locally managed appliance, when Firewall on a "Strict" mode

Create a Policy rule that allows Internal network communication

- sk167236:1500 / 1570R gateway blocking internal SNMP polling traffic when Firewall blade is in strict mode

Creating outbound policy rule resolves the issue (Source Internal LAN, Destination ANY, Service SNMP, Action Allow).

- sk101187 In strict mode, Nodes behind 600/1100 are unable to access resources behind remote GW VPN tunnel

Add two rules - one for outbound and one for inbound on strict mode firewall for Incoming, Internal and VPN traffic section.

- sk106954 Blade updates fail when IPS set to "strict" mode on locally managed 600 appliance

topic SMB Strict Mode in Spark Firewall (SMB)

SMB Strict Mode

Re: SMB Strict Mode