G_W_Albrecht

Changing implied_rules.def on locally managed SMBs

This is an addition to Locally managed SMBs .def files for VPN fine-tuning.

 

The SMS file implied_rules.def contains the FireWall Implied Rules and is usually changed only using Dashboard Global properties... - see sk43401 How to completely disable FireWall Implied Rules. This sk is appropriate for centrally managed SMB appliances, but makes no sense for locally managed SMBs, and the sk92281 Location of 'implied_rules.def' files on Security Management Server is needed for all centrally managed GWs / SMB appliances.

 

On locally managed SMBs, implied_rules.def can be found in /pfrm2.0/config1/fw1/lib/ or /pfrm2.0/config2/fw1/lib/ and in /opt/fw1/lib/ where it can be edited. But we cannot find many applications - for locally managed SMBs, sk35292 How to disable FW1_ica_services on port 18264 mentions locally managed SMBs as supported, and sk26059 Removing LDAP queries from the Implied Rules and sk31692 RADIUS/SecurID packets are being picked up by an implied rule instead of being encrypted are supported as "All products are covered by the listed procedure".

 

Not applicable (as relevant for unsupported product versions only) are sk66030 Connection to Security Gateway on TCP Port 80 and TCP Port 443 is accepted by Implied Rule 0 and sk92262: TACACS+ authentication packets are not encrypted.

CCSE CCTE CCSM SMB Specialist