To stay updated on your favorite discussions, please create an account or log in. Then, click the Bookmark icon to subscribe and receive notifications.

FIREWALL RULE CREATION FOR 14.01

ravi12
ravi12 Posts: 57 Security Scout

Dear Sir,
We upgraded our console and clients to 14.01. But white creating Firewall rule we are facing some difficulty as mentioned below:
1. For example we have set one Firewall Name as test.
2.We configure the rule for the Firewall Test.
3.Now we implemented the Test Firewall to Root.
4.Now if i want to edit the test firewall in sub-domain or on particular client than the whole firewall rule are edited.
5. Now it is difficult to edit firewall rule for any client or sub-domain. as it changes the rule for all the clients i.e Root.
6.I have also installed 14.01 in other server and test the above said rule but the condition is same.
7. In 13.11 we are able to change the Firewall rule for the specific client or domain but in 14.01 it is not possible.
8.Please advice if anyone have solutions

Comments

  • MJ-perComp
    MJ-perComp Posts: 669 Firewall Master

    Hi,
    this is how it works.
    There are only global profiles. You can clone a profile. They will not depend on anything nor will they inherit anychanges from the original profile.

     

    The visibility of the profiles on subdomain level is irritating as any changes made here are global.

     

    Please keep in mind that the number of rules should be kept small. There is no need to define rules for outgoing traffic in a standard office environment (except rare cases for single machines) and there is no need to allow inbound traffic except for some remote machines that have to manage a host via RDP or else.

     

    So you create cloned profiles for types of machines on root level and assign these to the different subdomains. To make things easy, combine the most common rules to the first profile, before creating more clones from that. Always think twice if the difference in that clone is really needed in terms of "does it improve the security of this system or would it rather protect a remote system?!"

     

    For Servers: DO NOT use the client profiles at all. create new ones and assign these before switching on the firewall. Here it is usefull to only allow THAT inbound traffic that the server shall answer.

     

    Finally: CS 14.02 is RTM. 14.01 is buggy and 14.10 is in RC testing already.

     

    BR
    Matthias

  • ravi12
    ravi12 Posts: 57 Security Scout

    As you write 

    For Servers: DO NOT use the client profiles at all. create new ones and assign these before switching on the firewall. Here it is usefull to only allow THAT inbound traffic that the server shall answer.

     

    Currently, there is Server Security 12.12 and in server the windows firewall works not the F-Secure Firewall. Than what the need for creating another firewall for servers. request advice

  • MJ-perComp
    MJ-perComp Posts: 669 Firewall Master
    You wrote you "installed V14.01 in an other Server", so maybe you meant something else.

    SS14 willbe available shortly and that brings the same windows based firewall.

    You are right SS12 does not have a F-Secure firewall at all.
    M.
This discussion has been closed.

Categories