  1. #1
    Newbie
    Join Date
    Dec 2018
    Posts
    1

    Do bypass threads pose a risk?

    I'm considering a new firewall solution for a small business where I wear the "IT Guy" hat. I like what I have seen from Untangle, so I installed it as a virtual machine on my home lab. I'm finding my way around for the most part, but am concerned with the risks posed by the "bypass" sessions. I'd like to have all data flow through the firewall rules in a "deny all except specified" architecture. Even when I set all sessions to be scanned, I still see quite a few sessions showing as bypass.

    1) Is there a way to force all data to flow through the firewall rules?

    2) Am I correct in assuming that these bypass sessions could be used as a method to bypass my firewall?

    dashboard.png

    Bypass rules.png

  2. #2
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,729

    "Bypass" simply means don't scan at layer 7.

    Your rules are the default; the rule at the bottom does nothing, as the default is to scan if no rules are matched.
    I wouldn't concern yourself. Many sessions won't be processed at layer 7, including sessions to and from Untangle itself, non-TCP/UDP sessions, and more.

    If you are really worried about it, just implement your filtering rules at layer 3 in the filter rules, not in the apps.
    Last edited by dmorris; 12-16-2018 at 04:58 PM.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com
