Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
G_W_Albrecht
Legend Legend
Legend

SMB Strict Mode

I would like to collect views about Strict Mode on SMB appliances. Who uses it for his customers ? What are the benefits ? What are the drawbacks ?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
1 Reply
G_W_Albrecht
Legend Legend
Legend

What we know about Strict Mode limitations

- sk112858 ATRG: Gaia Embedded Appliances

Blocks all traffic, in all directions, by default. In this mode, your policy can only be defined through the Servers page and by manually defining access policy rules in the 'Access Policy > Firewall Policy page'.

- sk110749 Application Control does not work on Locally managed Embedded GAIA devices 

If the FW blade is set to Strict:

The Autoconfigured Application Control rule will be placed bellow ANY allowed rules you manually created: You will need to manually add another Block rule for applications you want to block above the allow rule.

- sk117832 How to open "Kerberos" protocol between two local networks of locally managed appliance, when Firewall on a "Strict" mode

Create a Policy rule that allows Internal network communication

- sk167236:1500 / 1570R gateway blocking internal SNMP polling traffic when Firewall blade is in strict mode

Creating outbound policy rule resolves the issue (Source Internal LAN, Destination ANY, Service SNMP, Action Allow).

- sk101187 In strict mode, Nodes behind 600/1100 are unable to access resources behind remote GW VPN tunnel

Add two rules - one for outbound and one for inbound on strict mode firewall for Incoming, Internal and VPN traffic section.

- sk106954 Blade updates fail when IPS set to "strict" mode on locally managed 600 appliance

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events