Solved: Re: Are there any implied rules on SMB appliances ...

sdellsperger · ‎2019-02-07

Hi guys,

We used to configure "standard rules" for gateways, something like this:

Source	Destination	Application	Service	Action
This GW	Internet	Any	NTP	allow
This GW	Internet	Any	DNS	allow
This GW	Internet	Any	ICMP	allow
This GW	Internet	Any	HTTP(S)	allow

The goal was to allow the gateway to set up connections for the update service, license service, etc.

Now I tried the connections withous these rules above and it worked without any problems.

I'd like to know:

Are there any implied rules on the SMB appliances, which allow the gateway to connect to the update service, get time updates, etc?

Are there any possibilities to display them?

Thank you.

Best Regards

Severin Dellsperger

HristoGrigorov · ‎2019-02-07

I suggest you take a look at this:

HristoGrigorov · ‎2019-02-07

I suggest you take a look at this:

sdellsperger · ‎2019-02-08

This is what I searched for

Unfortunately I couldn't find any definition for NTP.

Does someone know, where to find the implied NTP rule?

HristoGrigorov · ‎2019-02-08

I checked how it is in centrally managed appliances and there is the following rule:

Perhaps there is similar one when locally managed, not explicitly for NTP?

sdellsperger · ‎2019-02-08

Yes it could be, thanks for help

G_W_Albrecht · ‎2019-02-08

NTP (UDP 123) is not listed explicitly in implied_rules.def - but if you look inside the file you will see rather complex macros that generate the implied rule base. Just as an addition, we also have this one here: sk119497: Implied rules are generated but not displayed in the Implied Rules view.

sdellsperger · ‎2019-02-08

Thanks for the info, as long as it works it's fine for me.

Are there any implied rules on SMB appliances and can I show them?