Ivory

rules management

Hello everyone,

I have the SMB 1490. I am publishing my management rules here to find out whether they are well written. Also, I would like to know if there is documentation for the 1490 to get a better grip on it.

Thanks.

capture1.PNG Capture2.PNG

0 Kudos

Re: rules management

0 Kudos
Admin

Re: rules management

Without knowing exactly what's connected to the different networks, I can't say for sure that's the best rulebase for you.
I usually end up dropping a few things on the local networks mostly to keep the logs reasonable (things like SMB).
0 Kudos
Ivory

rules

Good evening,

I have a web server in my DMZ that needs to interact with a SQL Server database server on the LAN. Simple pages are accessible, but pages displaying data are not, because they are blocked by the firewall. How do I write the rule so that the web server can query the database located on the LAN?

checkpoint.png

Thanks.

0 Kudos
Admin

Re: rules

Hi, you created a new thread about the same environment.
I've merged it to this thread.
Also, hope that's not your actual public IP address in the diagram--you might want to consider updating the diagram.

Without knowing precisely how your web server is communicating with the database server, I can't tell you exactly what rules to create.
That said, the screenshot you provided of the rules suggests it should work.
However, allowing everything from DMZ to LAN is not recommended.
You should configure the specific IPs and protocols you wish to allow.

Actual screenshots of the relevant log messages you're seeing might be helpful.
0 Kudos
Ivory

Re: rules

Hi,

To display a web page containing information from the database, the web server must connect to the SQL Server through the firewall. It uses port 1433 over TCP.

checkpoint.png

0 Kudos
Ivory

Re: rules

Hello PhoneBoy,

I managed to configure a rule to allow the web server to connect to the SQL Server by following your advice.

&&.PNG

Now give me your opinion: is it secure?

0 Kudos
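The advice earlier in the thread to allow only specific IPs and protocols, applied to the web server to SQL Server flow on TCP 1433, as an added example that is not part of the thread and not Check Point tooling. The addresses, rule names and the simple first-match model are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

ANY = "any"

@dataclass(frozen=True)
class Rule:
    name: str
    src: str      # CIDR or "any"
    dst: str      # CIDR or "any"
    service: str  # e.g. "tcp/1433", or "any"
    action: str   # "accept" or "drop"

def _covers(spec: str, addr: str) -> bool:
    return spec == ANY or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def first_match(rules, src, dst, service):
    """Evaluate top-down; the first matching rule decides, later rules are never reached."""
    for rule in rules:
        if _covers(rule.src, src) and _covers(rule.dst, dst) and rule.service in (ANY, service):
            return rule
    return Rule("cleanup", ANY, ANY, ANY, "drop")  # assumed final drop-all rule

# Constructed addressing, not taken from the thread's diagram.
DMZ_NET, LAN_NET = "192.168.2.0/24", "192.168.1.0/24"
WEB, SQL = "192.168.2.10", "192.168.1.20"

BROAD = [Rule("dmz-to-lan", DMZ_NET, LAN_NET, ANY, "accept")]
SPECIFIC = [
    Rule("web-to-sql", WEB + "/32", SQL + "/32", "tcp/1433", "accept"),
    Rule("dmz-to-lan-drop", DMZ_NET, LAN_NET, ANY, "drop"),
]

# Connections to test: the needed flow plus three that nothing in the design requires.
PROBES = [
    (WEB, SQL, "tcp/1433"),             # web server -> SQL Server (required)
    (WEB, SQL, "tcp/445"),              # web server -> SMB on the database host
    (WEB, "192.168.1.50", "tcp/3389"),  # web server -> RDP on another LAN host
    ("192.168.2.99", SQL, "tcp/1433"),  # other DMZ host -> SQL Server
]

def accepted(rules):
    """Return the probes a rule base lets through."""
    return [p for p in PROBES if first_match(rules, *p).action == "accept"]

if __name__ == "__main__":
    for label, rules in (("broad", BROAD), ("specific", SPECIFIC)):
        print(label, "accepts:")
        for src, dst, svc in accepted(rules):
            print(f"  {src} -> {dst} {svc}")
```

Because evaluation stops at the first match, the narrow accept has to sit above the DMZ-to-LAN drop; with the two rules swapped, the required 1433 flow is dropped as well.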

Re: rules management

Hello Junior,

Rules 3, 4 and 5 are bypassing the blocks at default rule 6.

You need to block other dangerous/illegal categories above rule 3 - Directeur, or else he will be at risk.

I recommend adding a group blocking stuff like Child Abuse, Phishing, Malware, Spam, etc. at the top.

0 Kudos
Ivory

Re: rules management

Thanks, Pedro, for your answer.

Can you give me an example, please?

0 Kudos