Soldier, you missed him reporting a general block rule he added to his firewall app.
So yes, in that configuration this is expected behavior.
I will try to tweak later tonight but yes you are right, I would like to access the NVR from the LAN. NVR is on a separate and isolated VLAN (as per my filter rule)... Like you mentioned I find it redundant to create 2 rules (1 in Filter and 1 in Firewall)... I am looking for a solution or a better way to configure things here. I would rather use the firewall app since I have logs compared to filter rules.
If I remove the block any rule of the firewall, will this prevent me from creating 2 rules? If so, is the firewall blocking any by default? Just want to make sure everything is closed off and secured.
I ran some tests and sky-knight was right, I disabled the Firewall Rules "block any" and "NVR Access" and yes I can access the NVR with just the filter rule.
If I am correct and understand Untangle correctly, the traffic is "examined" first under my filter rule, if ALLOWED then the Firewall blade takes over... Since I had a Block Any rule activated, everything was blocked. So unless I have a Rule in the Firewall App preceding the Block Any, the filter rule lets it pass but the Firewall blocks it.
Correct!
The kernel sees the traffic as it comes off the wire, only after the kernel is OK with it does the UVM see the traffic, and only after BOTH are OK with it does the traffic actually pass.
So we're back to that onion... you can bypass the UVM, but the kernel sees all!
I changed my method to simplify the duplicate rule issues. I followed your advice as I like to have traffic Logs. Under filter I now have 3 rules:
Allow my Zabbix Server to Ping abroad
Allow non wan to non wan TCP UDP
Block Everything Else
I manage everything else through the Firewall and have a Block Any rule at the end.
Should be good and secure now, thoughts?
Thanks so much for your help.
Now learning the app slowly, started working with policy which I like since I can control where the kids are going without restricting my LAN since the Kids are on a separate VLAN....
There are 1000 ways to do it! So I see no problem with what you've proposed here.
The only thing I'll remind you of is the Firewall App like all UVM apps only sees TCP and UDP packets. So a block all there only applies to those protocols. Often, people will test with ICMP ping, which well... isn't TCP or UDP and therefore goes straight through it!
Now, ping is a great tool, but it's a TERRIBLE means of testing a firewall!
But that's also why I do what I do, and ensure that TCP and UDP go into the apps, because there I have the visibility in the reports to know what's going on. But, as you've discovered it is a bit more complex of a configuration, and it does have some more moving parts. But as long as you keep the filter as simple as you've described here you can concentrate most of that complexity into the firewall app.
Which when combined with policy rules means potentially different firewall apps seeing traffic based on time of day, user, whatever. Which is a gateway to a dynamically changing firewall that you will never find anywhere else. It's not often I need to push a firewall that hard, but it's really nice to have when I need it.
The closest thing I can use to compare it is M365's Conditional Access rules... Anyway, happy Untangling!
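A small Python model of the evaluation order described in this thread (kernel filter rules first, then the Firewall app, which only ever sees TCP and UDP), written as an added example; it is not Untangle's code, and the rule names, VLAN names and addresses are constructed to mirror the rules discussed above. It shows why "Block any" in the Firewall app blocked the NVR session until an "NVR Access" rule preceded it, and why an ICMP ping never reaches that "Block any" at all.

```python
from collections import namedtuple

# proto: "tcp"/"udp"/"icmp"; src: source IP; src_if/dst_if: VLAN names
Packet = namedtuple("Packet", "proto src src_if dst_if")
Rule = namedtuple("Rule", "name action match")  # action: "allow"/"block"
UVM_PROTOS = {"tcp", "udp"}  # the only protocols UVM apps ever see

def first_match(rules, pkt, default):
    # Top-down evaluation: first matching rule wins.
    for r in rules:
        if r.match(pkt):
            return r.action, r.name
    return default, "implicit default"

def evaluate(pkt, filter_rules, firewall_rules):
    # Stage 1: kernel filter rules examine every protocol.
    action, why = first_match(filter_rules, pkt, "allow")
    if action == "block":
        return "block", f"filter:{why}"
    # Stage 2: the Firewall app only sees TCP and UDP; anything else
    # (ICMP ping included) never enters it, so "Block any" can't touch it.
    if pkt.proto not in UVM_PROTOS:
        return "allow", "bypassed firewall app (not tcp/udp)"
    action, why = first_match(firewall_rules, pkt, "allow")
    return action, f"firewall:{why}"

FILTER_RULES = [  # the three filter rules described in the thread
    Rule("Zabbix ping abroad", "allow",
         lambda p: p.proto == "icmp" and p.src == "10.0.10.5" and p.dst_if == "wan"),
    Rule("non-WAN to non-WAN TCP/UDP", "allow",
         lambda p: p.proto in UVM_PROTOS and "wan" not in (p.src_if, p.dst_if)),
    Rule("Block everything else", "block", lambda p: True),
]
FIREWALL_RULES = [  # Firewall app: "NVR Access" placed before "Block any"
    Rule("NVR Access", "allow", lambda p: p.src_if == "lan" and p.dst_if == "nvr"),
    Rule("Block any", "block", lambda p: True),
]

def demo():
    # Constructed sample traffic (addresses and VLAN names are made up).
    lan_tcp = Packet("tcp", "10.0.1.20", "lan", "nvr")
    lan_ping = Packet("icmp", "10.0.1.20", "lan", "nvr")
    zabbix_ping = Packet("icmp", "10.0.10.5", "mgmt", "wan")
    return {
        "tcp, NVR Access before Block any": evaluate(lan_tcp, FILTER_RULES, FIREWALL_RULES),
        "tcp, Block any only": evaluate(lan_tcp, FILTER_RULES, FIREWALL_RULES[1:]),
        "ping, filter blocks it": evaluate(lan_ping, FILTER_RULES, FIREWALL_RULES),
        "ping, no filter block rule": evaluate(lan_ping, FILTER_RULES[:2], FIREWALL_RULES),
        "zabbix ping abroad": evaluate(zabbix_ping, FILTER_RULES, FIREWALL_RULES),
    }
```

The "ping, no filter block rule" case is the trap sky-knight describes: with no kernel-level block, the ping is reported allowed even though the Firewall app ends in "Block any", so a successful ping proves nothing about TCP/UDP policy.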
I agree 100% with you, keeping the filter rules simple makes managing the Firewall app easier and yes Logs visibility is paramount for management. This Forum is helping me understand, configure and optimize my Product which is great. Thanks to you btw.
As I am learning every day about Untangle, this seems to be a very powerful and complete Software when you include the apps. I intend to purchase the Home Protect Plus ($150) license but I need to test a bit more to see if I really need the Pro. I set up OpenVPN and it works as intended (like my pfsense) (WireGuard VPN Blade). The only other difference is the Virus Blocker Lite and Threat Prevention Blades. I just need to test and see if they are worth the extra $100 (which to be honest is not that much considering what you get).
The Wireguard module needs to cook a bit... I could take it or leave it at present. The future of it however is quite bright, it just needs some time. But Threat Prevention is an... interesting tool.
I'm still trying to fully get my head around it as well. But, it affords the ability to reputation check every single session that transits the device. So in theory, if a virus makes it inside the walls it can't communicate with its control server... regardless of port or protocol.
It won't stop the initial infection, but in theory it can prevent that initial infection from getting worse. Specifically it has the theoretical ability to halt a crypto before it actually starts encryption... because the bug won't be able to phone home with the key. It's utterly unique on the market, nothing else does this.