"Ugly" configuration

Hello,

I attached my home network configuration, where I have encountered several issues. But before this, please answer me some basic questions:

  1. I have the firewall set up in Custom Policy mode, how is traffic processed? Is it a top-to-bottom firewall rules order?
     Which rules have more importance? Application rules or Global rules?

  2. If I allow an IP or an application on the OUT direction, do I have to permit it on the IN direction also? I mean, isn't it stateful, so it knows that the returning session belongs to an outbound connection?

  3. How is the firewall treating a bridged VMware connection? Because I saw it is blocking it in a weird way I don't understand!

  4. If I am using the FW in Custom Policy Mode and I have 2 Global Rules:

  • Allow any source towards any destination on OUT
  • Block any source towards any destination on IN

     Why is it asking me if I want to use Remote Desktop on an outside server?
     Application: mstsc.exe
     Remote: a.b.c.d - TCP
     Port: 3389

Allow Block

Isn't it supposed to match my 1st FW rule - allow ALL outbound?!!!

[attachment deleted by admin]

Welcome to the forum laf.

1. I have the firewall set up in Custom Policy mode, how is traffic processed? Is it a top-to-bottom firewall rules order?

Yes the rules have a top to bottom priority.

Which rules have more importance? Application rules or Global rules ?

That depends. Outbound traffic is processed by Application rules first then Global rules. Inbound traffic is processed by Global rules first then Application rules.

2. If I allow an IP or an application on the OUT direction, do I have to permit it on the IN direction also? I mean, isn't it stateful, so it knows that the returning session belongs to an outbound connection?

It depends on the application; in most situations you will not need an inbound Global rule because the inbound traffic is a response to a request. Some applications, however, such as p2p clients, will need specific inbound rules to function correctly.

3. How is the firewall treating a bridged VMware connection? Because I saw it is blocking it in a weird way I don't understand!

A bridged VM makes direct use of your host's network adapter, which effectively creates a new unique network node on your LAN, thus it should be treated as such. Take a look at these threads:

CIS Firewall not filtering VMware bridged connection???

http://ist.mit.edu/services/software/vmware/security-recommendations

4. If I am using the FW in Custom Policy Mode and I have 2 Global Rules:

- Allow any source towards any destination on OUT
- Block any source towards any destination on IN

Why is it asking me if I want to use Remote Desktop on an outside server?
Application: mstsc.exe
Remote: a.b.c.d - TCP
Port: 3389

Allow Block

Isn't it supposed to match my 1st FW rule - allow ALL outbound?!!!

CIS is asking what it should do about creating an Application rule, not a global rule.
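A small model of the evaluation order Quill describes: outbound traffic consults Application rules before Global rules, inbound the reverse, each list is top-to-bottom first match, and an application with no rule of its own triggers the prompt laf saw. This is an added illustration, not Comodo code; the pass-through behaviour when a stage has no matching rule, and the default verdict, are assumptions.

```python
# Toy model of CIS Custom Policy rule evaluation (added illustration, not Comodo code).
# Assumptions: a stage with no matching rule passes the packet on to the next stage,
# an application with no Application rules at all causes a prompt, and traffic that
# no stage blocks is allowed.
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    action: str                 # "allow" or "block"
    direction: str              # "in" or "out"
    app: str = "*"              # process name; "*" marks a Global rule
    remote: str = "*"           # remote address; "*" = any
    port: Optional[int] = None  # None = any port

    def matches(self, app: str, direction: str, remote: str, port: int) -> bool:
        return (self.direction == direction
                and self.app in ("*", app)
                and self.remote in ("*", remote)
                and self.port in (None, port))


def first_match(rules: List[Rule], app, direction, remote, port) -> Optional[str]:
    # Rules are ordered top to bottom; the first hit decides for that stage.
    for r in rules:
        if r.matches(app, direction, remote, port):
            return r.action
    return None


def decide(global_rules: List[Rule], app_rules: List[Rule],
           app: str, direction: str, remote: str, port: int) -> str:
    """Return "allow", "block" or "prompt" for one connection attempt."""
    app_only = [r for r in app_rules if r.app == app]
    # Outbound: Application rules first, then Global. Inbound: Global first, then Application.
    stages = [app_only, global_rules] if direction == "out" else [global_rules, app_only]
    for stage in stages:
        if stage is app_only and not app_only:
            return "prompt"  # Custom Policy: unknown application, ask whether to create an Application rule
        if first_match(stage, app, direction, remote, port) == "block":
            return "block"
    return "allow"


# laf's two Global rules (constructed from the post), no Application rule for mstsc.exe yet.
GLOBAL = [Rule("allow", "out"), Rule("block", "in")]
print(decide(GLOBAL, [], "mstsc.exe", "out", "a.b.c.d", 3389))  # prompt: the global allow is never consulted first
```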

Hello Quill,

Thank you for the quick & complete answer. It's rare nowadays to receive such good support in such a short time.

Unfortunately I'm so deceived by the product; it made such a good first impression, but when I had to configure it on the topology above - d'oh.

So there is no way to get rid of Application Rules?

I mean I want to permit all outbound traffic, and permit inbound traffic which was started by my internal applications. All other inbound traffic should be denied!

Hi laf, realistically you're not going to be able to get away from Application rules. Whilst, in theory, you could create just one rule and apply it to all applications, it would not be a sensible or practical way of doing things.

Because you're using bridged connections, you'll have to consider that each VM is in fact a unique and independent node on your network and needs to be treated just as if it were a separate PC on your LAN. If you require secure, bi-directional communication between the nodes on your LAN and a degree of isolation from outside entities, I'm afraid you'll have to create some rules.

The first place to start is with a new Trusted Zone, which you can find on the Firewall Common tasks page in CIS.

If you decide you wish to progress with this, please feel free to ask further questions.