John Colfer

Stealth Rule In Azure VSec Policy

Discussion created by John Colfer on Oct 12, 2017
Latest reply on Oct 13, 2017 by Dameon Welch-Abernathy

Hi Gang

I deployed an Azure Vsec Cluster and followed the SKs etc and it's and running fine. I'm starting to build out the policy and have run up against a problem.

 

Normally I would have the stealth rule as the 2nd or third rule, but when I try to allow nated traffic through to resources on the inside, it is getting dropped by the stealth rule

 

For Example:

Number: 2774078
Date: 12Oct2017
Time: 13:10:55
Interface: eth0
Origin: 52.169.50.242
Type: Log
Action: Drop
Service: TCP-8088 (8088)
Source Port: 54326
Source: ext_host_95.44.141.143 (95.44.141.143)
Destination: azure-external-int-fw1 (10.10.50.10)
Protocol: tcp
Rule: 3
Rule UID: {4DC1865D-5CF9-4D2A-8B84-7CF435A7BAAE}
Rule Name: Stealth
Current Rule Number: 4-wr-dub-azure1-pol
Information: inzone: External
outzone: External
Product: Security Gateway/Management
Product Family: Network
Policy Info: Policy Name: wr-dub-azure1-pol
Created at: Tue Oct 10 10:43:16 2017
Installed from: irb-dub-mgmt1

 

Do I need to put the rule which allows this traffic above the Stealth Rule? 

 

Will this mean, that when I publish an App for the internet will I have an any rule above the Stealth Rule?

 

I had a look for best practices regarding building out policies in Azure, but could find very little.

 

Could somebody please inform me of the best way to build out a fw policy in CP Azure cluster.

 

Best regards

 

John

Outcomes