Shehan_Wickrama
Collaborator

How can I block ports from outside and allow it for internal communications?

Hello Guys,

One of our vulnerability scanners gave the following ports as vulnerable, so we want those ports to be blocked from outside and to be allowed from the inside for inside communications.

These are the ports:

264/tcp - fw1_generic.
500/udp - ikev1.
18231/tcp
18264/tcp - cp_ica

How can I do this?

Thanks

1 Solution

Accepted Solutions
PhoneBoy
Admin

Some of these are covered by implied rules.

To confirm this, go to Global Properties, click the appropriate checkbox, and install policy.

You will see log entries on Rule 0.

In which case you will have to work to disable the implied rules, but this is NOT recommended.

Refer to: How to completely disable FireWall Implied Rules 


5 Replies
Brian_Deutmeyer
Collaborator

I feel like I might be missing something with your question, but I think there are several ways to achieve this...

SRC: Internal Networks Group [NEGATED] | DST: Any | SVC: ports | ACT: drop

--or--

SRC: Internal Networks Group | DST: Any | SVC: ports | ACT: allow 

      * I'd have several more specific rules of the above rule with explicit destinations...

SRC: Any | DST: Any | SVC: ports | ACT: drop

--or--

Other combinations...
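
As an added example (not part of any post in this thread and not Check Point code): a small first-match model of the two rule layouts sketched above, plus a hypothetical implied rule in front of them to show why, as the accepted solution notes, explicit rules alone may not change what the scanner sees. The internal network, the sample addresses and the choice of 500/udp as the implied service are assumptions for illustration.

```python
import ipaddress

# Assumption: the internal group and all sample addresses are constructed.
INTERNAL = [ipaddress.ip_network("10.0.0.0/8")]
# The four services named in the question.
PORTS = {("tcp", 264), ("udp", 500), ("tcp", 18231), ("tcp", 18264)}

def rule(name, src, negate, services, action):
    """src=None means Any; negate=True models a [NEGATED] source cell."""
    return {"name": name, "src": src, "negate": negate,
            "services": services, "action": action}

def evaluate(rulebase, src_ip, proto, port):
    """Return (rule name, action) of the first matching rule, top to bottom."""
    addr = ipaddress.ip_address(src_ip)
    for r in rulebase:
        if r["src"] is None:
            src_ok = True
        else:
            src_ok = any(addr in net for net in r["src"]) != r["negate"]
        if src_ok and (proto, port) in r["services"]:
            return r["name"], r["action"]
    # Nothing here matched: the rest of the policy (not modelled) decides.
    return "no-match", None

# Layout A: drop the ports for every source that is NOT internal.
LAYOUT_A = [rule("A1", INTERNAL, True, PORTS, "drop")]
# Layout B: allow internal sources first, then drop the ports for anyone.
LAYOUT_B = [rule("B1", INTERNAL, False, PORTS, "accept"),
            rule("B2", None, False, PORTS, "drop")]
# Hypothetical implied rule matched before the explicit rules (logged as Rule 0).
# Which services are implied depends on Global Properties; 500/udp is assumed.
IMPLIED = [rule("Rule 0 (implied)", None, False, {("udp", 500)}, "accept")]

if __name__ == "__main__":
    cases = [("203.0.113.5", "tcp", 264), ("10.1.2.3", "tcp", 264),
             ("203.0.113.5", "udp", 500)]
    for label, rb in [("A", LAYOUT_A), ("B", LAYOUT_B),
                      ("implied + B", IMPLIED + LAYOUT_B)]:
        for src, proto, port in cases:
            print(label, src, f"{port}/{proto}", evaluate(rb, src, proto, port))
```

In this model Layout A only stops dropping internal traffic, so an accept rule further down still has to permit it, while Layout B accepts it explicitly.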

Shehan_Wickrama
Collaborator

Hi Brian,

Thank You for the reply.

Regards,

Shehan

0 Kudos
Shehan_Wickrama
Collaborator

Hi Dameon,

Thanks for the reply. I have disabled some with the implied rules.

Regards,

Shehan

0 Kudos
kreynolds
Explorer

Great answer PhoneBoy, how to do this for 600 and 1100? thc

0 Kudos
