  1. #1
    Newbie
    Join Date
    Jan 2019
    Posts
    9

    Block all ports on firewall but allow WhatsApp, FaceTime

    Hi Guys

    I am new here and moved from Sophos XG, still learning and trying to understand. With Sophos XG I blocked all outbound connections but only allowed a few ports, which also included many WhatsApp and FaceTime ports.

    Can someone confirm if I will have to do the same with Untangle, or can it be easier, i.e. block ports but allow the application?

    Thanks

  2. #2
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    7,742

    I would only block ports as needed (leave all outgoing ports open). It really does not matter, as most apps will fall back to 80 or 443 if they are blocked.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    23,288

    Application-aware firewalls can only operate on the computer in question; gateways never know what's making a request, only that a device is making it.

    You're welcome to make a firewall rule to block everything, just don't be surprised when you go old and grey trying to sort out the damage that causes. Block all egress is just not a sane approach to managing a modern network, but you can do it, the features are there.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  4. #4
    Master Untangler Chrismal's Avatar
    Join Date
    Sep 2016
    Location
    Malta
    Posts
    443

    Why would you want to block all outgoing ports and torture yourself by figuring out what ports apps use and allowing them one by one?
    I like to listen. I have learned a great deal from listening carefully. Most people never listen

  5. #5
    Newbie
    Join Date
    Jan 2019
    Posts
    9

    Quote: Originally Posted by Chrismal
    Why would you want to block all outgoing ports and torture yourself by figuring out what ports apps use and allowing them one by one?
    Well, I have all the ports I need to allow, which I have worked through for a few years whilst being on Sophos XG.

    Just wondered if there was an easier option but I see what you all mean, I will probably think on it as yeah it would make things easier to allow all outbound and block as required.

  6. #6
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    23,288

    Quote: Originally Posted by kkw98
    Well, I have all the ports I need to allow, which I have worked through for a few years whilst being on Sophos XG.

    Just wondered if there was an easier option but I see what you all mean, I will probably think on it as yeah it would make things easier to allow all outbound and block as required.
    That's what SSL inspection and Application Control are for! Blocking everything doesn't really help much anymore anyway; everything, including the malware, runs over TCP 443!
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com
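
The point made in the replies above, as an added example that is not part of the original thread and is not Untangle's own code: a port-only default-deny egress policy evaluated over constructed flows, showing that once applications fall back to TCP 443 the gateway can no longer tell them apart. The rule names, port values, application labels and `example.*` hosts are assumptions made for illustration, and `host_verdict` is a simplified stand-in for application-layer control, not how any product implements it.

```python
from collections import defaultdict
from dataclasses import dataclass

# Constructed default-deny egress policy: (rule name, protocol, first port, last port).
# Port values are illustrative placeholders, not an authoritative application port list.
ALLOW_RULES = [
    ("web", "tcp", 80, 80),
    ("web-tls", "tcp", 443, 443),
    ("call-media", "udp", 3478, 3497),
]

@dataclass(frozen=True)
class Flow:
    app: str    # ground truth; known on the endpoint, not at the gateway
    proto: str
    dport: int
    host: str   # server name, usable only by application-layer inspection

# Constructed sample flows (hypothetical hosts under example.* domains).
FLOWS = [
    Flow("chat-app", "tcp", 5222, "chat.example.net"),       # native port
    Flow("chat-app", "tcp", 443, "chat.example.net"),        # fallback after block
    Flow("video-call", "udp", 3480, "relay.example.net"),
    Flow("unwanted-tool", "tcp", 4444, "files.example.org"),
    Flow("unwanted-tool", "tcp", 443, "files.example.org"),  # same fallback
]

def port_verdict(flow):
    """Return the name of the first matching allow rule, or None (default deny)."""
    for name, proto, lo, hi in ALLOW_RULES:
        if flow.proto == proto and lo <= flow.dport <= hi:
            return name
    return None

def ambiguous_ports(flows):
    """Allowed (proto, port) pairs that carry more than one application."""
    seen = defaultdict(set)
    for f in flows:
        if port_verdict(f) is not None:
            seen[(f.proto, f.dport)].add(f.app)
    return {k: v for k, v in seen.items() if len(v) > 1}

def host_verdict(flow, allowed_suffixes):
    """Simplified stand-in for application-layer control: port rule AND host allowlist."""
    ok = any(flow.host == s or flow.host.endswith("." + s) for s in allowed_suffixes)
    return port_verdict(flow) is not None and ok

if __name__ == "__main__":
    for f in FLOWS:
        print(f.app, f.proto, f.dport, port_verdict(f) or "DENY",
              host_verdict(f, ["example.net"]))
    print("ambiguous:", ambiguous_ports(FLOWS))
```

The port filter denies both native-port flows but passes both fallback flows under the same `web-tls` rule; only the host-aware check separates them.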
