Is this setting secure?


PC83130
10-19-2008, 11:23 PM
Hello,

I'm a newbie here. I need some help with my Untangle firewall.

I set the default action to "Pass" and block (and log) any traffic from "Less Trusted" to "More Trusted". Is this setting secure? How can I test it?

Please, any help will be appreciated.

My current setting:
1. Default Action: Pass
2. Rule list
   Enable Rule: Checked
   Action: Block
   Log: Checked
   Traffic Type: Any
   Client Interface: Less Trusted
   Server Interface: More Trusted
   Source Address: any
   Destination Address: any
   Source Port: any
   Destination Port: any

sky-knight
10-20-2008, 01:10 AM
I don't have a complete definition of what is "less trusted" or "more trusted".

I do know that the VPN interface is "less trusted". I would assume that internal is "more trusted".

I don't know where DMZ fits in this equation either. Have you checked the wiki?

PC83130
10-20-2008, 03:02 AM
Thanks for your post.

This wiki page shows details for the less trusted and more trusted definitions.
http://wiki.untangle.com/index.php/Networking_Basics#Less_Trusted_vs._More_Trusted_Interfaces

The idea is I want to block everything (except VPN) that can access my network. Do you think my current setting covers that?

sam
10-20-2008, 04:03 AM
The best option is to select Block from the Untangle firewall general setting tab and create a new rule list to open the required ports. This is the secure option.

sky-knight
10-20-2008, 08:54 AM
Not always; the default block policy doesn't log the blocked events. By configuring it to pass all and creating the block rule, you can see what is going on.

PC83130
10-20-2008, 11:44 PM
Thanks for the suggestions.

So, referring to my setting, if I currently want to block only internet traffic from outside, is it a secure solution to block any connection from "less trusted" to "more trusted"?
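
Added example (not part of any post in this thread and not Untangle's own code): a small Python model of the two policies discussed above, run over constructed flows to show what each one passes, blocks and logs. It assumes first-match rule evaluation, a default action that never logs (as stated in the thread), and constructed trust labels in which the VPN interface is "less trusted" and internal is "more trusted"; all names in the code are hypothetical.

```python
from dataclasses import dataclass

# Constructed trust labels for this model (assumption, not read from a real box).
TRUST = {"external": "less", "vpn": "less", "internal": "more"}

@dataclass
class Rule:
    action: str           # "pass" or "block"
    log: bool
    client: str = "any"   # "any", a trust label ("less"/"more") or an interface name
    server: str = "any"
    dport: object = "any"

    def matches(self, flow):
        def side(selector, iface):
            return selector in ("any", iface, TRUST[iface])
        return (side(self.client, flow["client"])
                and side(self.server, flow["server"])
                and self.dport in ("any", flow["dport"]))

def evaluate(rules, default_action, flow):
    """First matching rule wins (assumed); the default action never logs."""
    for rule in rules:
        if rule.matches(flow):
            return rule.action, rule.log
    return default_action, False

# Policy A: the thread's setting (default Pass, block + log less -> more trusted).
POLICY_A = ([Rule("block", True, client="less", server="more")], "pass")
# Policy B: default Block plus explicit pass rules for what must get through.
POLICY_B = ([Rule("pass", True, client="vpn", server="internal"),
             Rule("pass", False, client="more", server="less")], "block")

# Constructed sample flows.
FLOWS = {
    "inbound_rdp": {"client": "external", "server": "internal", "dport": 3389},
    "vpn_to_lan": {"client": "vpn", "server": "internal", "dport": 445},
    "lan_to_web": {"client": "internal", "server": "external", "dport": 443},
}

def audit(policy):
    """Return {flow name: (action, logged)} for one (rules, default) policy."""
    rules, default = policy
    return {name: evaluate(rules, default, flow) for name, flow in FLOWS.items()}

if __name__ == "__main__":
    for label, policy in (("A", POLICY_A), ("B", POLICY_B)):
        for name, (action, logged) in audit(policy).items():
            print(label, name, action, "logged" if logged else "not logged")
```

In this model, policy A blocks and logs the VPN-to-internal flow along with the inbound one, because the VPN interface carries the "less trusted" label; policy B blocks the inbound flow without logging it.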