  1. #11
    Untangle Ninja sky-knight
    Join Date: Apr 2008
    Location: Phoenix, AZ
    Posts: 26,038

    Soldier, you missed him reporting a general block rule he added to his firewall app.

    So yes, in that configuration this is expected behavior.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  2. #12
    Untanglit
    Join Date: May 2021
    Location: Nova Scotia, CA
    Posts: 20

    I will try to tweak it later tonight, but yes, you are right, I would like to access the NVR from the LAN. The NVR is on a separate and isolated VLAN (as per my filter rule). Like you mentioned, I find it redundant to create 2 rules (1 in Filter and 1 in Firewall). I am looking for a solution or a better way to configure things here. I would rather use the firewall app, since I have logs there compared to filter rules.

  3. #13
    Untanglit
    Join Date: May 2021
    Location: Nova Scotia, CA
    Posts: 20

    If I remove the "block any" rule from the firewall, will this prevent me from creating 2 rules? If so, is the firewall blocking any by default? Just want to make sure everything is closed off and secured.

  4. #14
    Untanglit
    Join Date: May 2021
    Location: Nova Scotia, CA
    Posts: 20

    Quote Originally Posted by sky-knight View Post
        Soldier, you missed him reporting a general block rule he added to his firewall app.

        So yes, in that configuration this is expected behavior.

    I ran some tests and sky-knight was right: I disabled the Firewall Rules "block any" and "NVR Access", and yes, I can access the NVR with just the filter rule.

    If I am correct and understand Untangle correctly, the traffic is "examined" first under my filter rule; if ALLOWED, then the Firewall blade takes over... Since I had a Block Any rule activated, everything was blocked. So unless I have a rule in the Firewall App preceding the Block Any, the filter rule lets it pass but the Firewall blocks it.

  5. #15
    Master Untangler
    Join Date: Nov 2018
    Posts: 117

    Quote Originally Posted by sky-knight View Post
        Soldier, you missed him reporting a general block rule he added to his firewall app.

        So yes, in that configuration this is expected behavior.

    Yep, I missed that. What I was trying to explain is that I have it configured with only Filter Rules, no additional Firewall rules, to make this work.

  6. #16
    Untangle Ninja sky-knight
    Join Date: Apr 2008
    Location: Phoenix, AZ
    Posts: 26,038

    Quote Originally Posted by idscomm View Post
        I ran some tests and sky-knight was right: I disabled the Firewall Rules "block any" and "NVR Access", and yes, I can access the NVR with just the filter rule.

        If I am correct and understand Untangle correctly, the traffic is "examined" first under my filter rule; if ALLOWED, then the Firewall blade takes over... Since I had a Block Any rule activated, everything was blocked. So unless I have a rule in the Firewall App preceding the Block Any, the filter rule lets it pass but the Firewall blocks it.

    Correct!

    The kernel sees the traffic as it comes off the wire; only after the kernel is OK with it does the UVM see the traffic, and only after BOTH are OK with it does the traffic actually pass.

    So we're back to that onion... you can bypass the UVM, but the kernel sees all!
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  7. #17
    Untanglit
    Join Date: May 2021
    Location: Nova Scotia, CA
    Posts: 20

    I changed my method to simplify the duplicate rule issue. I followed your advice, as I like to have traffic logs. Under Filter I now have 3 rules:

    Allow my Zabbix Server to ping abroad
    Allow non-WAN to non-WAN TCP/UDP
    Block Everything Else

    I manage everything else through the Firewall and have a Block Any rule at the end.

    Should be good and secure now, thoughts?

    Thanks so much for your help.

    Now learning the app slowly, started working with policy which I like since I can control where the kids are going without restricting my LAN since the Kids are on a separate VLAN....

  8. #18
    Untangle Ninja sky-knight
    Join Date: Apr 2008
    Location: Phoenix, AZ
    Posts: 26,038

    There are 1000 ways to do it! So I see no problem with what you've proposed here.

    The only thing I'll remind you of is that the Firewall App, like all UVM apps, only sees TCP and UDP packets. So a "block all" there only applies to those protocols. Often, people will test with ICMP ping, which, well... isn't TCP or UDP and therefore goes straight through it!

    Now, ping is a great tool, but it's a TERRIBLE means of testing a firewall!

    But that's also why I do what I do, and ensure that TCP and UDP go into the apps, because there I have the visibility in the reports to know what's going on. But, as you've discovered, it is a bit more complex of a configuration, and it does have some more moving parts. But as long as you keep the filter as simple as you've described here, you can concentrate most of that complexity into the firewall app.

    Which, when combined with policy rules, means potentially different firewall apps seeing traffic based on time of day, user, whatever. Which is a gateway to a dynamically changing firewall that you will never find anywhere else. It's not often I need to push a firewall that hard, but it's really nice to have when I need it.

    The closest thing I can use to compare it is M365's Conditional Access rules... Anyway, happy Untangling!
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com
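The two points made in #16 and #18 (filter rules are evaluated first and must agree with the Firewall app, and the app layer never sees anything but TCP/UDP) can be modelled in a few lines. This is an added toy model for this thread, not Untangle's code; the rule format, VLAN names and "allow if nothing matches" defaults are assumptions made for the example.

```python
"""Toy model of the two-stage evaluation described in this thread.

Stage 1: kernel-level Filter Rules see every packet, whatever the IP protocol.
Stage 2: UVM apps such as the Firewall app see only TCP and UDP, and only
         what stage 1 already allowed. Traffic passes only if BOTH stages allow it.
The rule format, VLAN names and the "allow if nothing matches" defaults are
constructed for this example and are not Untangle's real configuration schema.
"""
from dataclasses import dataclass

@dataclass
class Rule:
    action: str            # "allow" or "block"
    proto: str = "any"     # "tcp", "udp", "icmp" or "any"
    src: str = "any"       # source VLAN name or "any"
    dst: str = "any"       # destination VLAN name or "any"

    def matches(self, proto, src, dst):
        return all(want in ("any", got) for want, got in
                   ((self.proto, proto), (self.src, src), (self.dst, dst)))

def first_match(rules, proto, src, dst):
    """Top-down evaluation: the first matching rule decides, else allow (assumed default)."""
    return next((r.action for r in rules if r.matches(proto, src, dst)), "allow")

UVM_PROTOCOLS = {"tcp", "udp"}   # the only protocols the apps ever see

def evaluate(filter_rules, firewall_rules, proto, src, dst):
    """Return (verdict, deciding stage) for one session."""
    if first_match(filter_rules, proto, src, dst) == "block":
        return "block", "filter"
    if proto not in UVM_PROTOCOLS:
        return "allow", "kernel-only"       # ICMP etc. never reach the Firewall app
    if first_match(firewall_rules, proto, src, dst) == "block":
        return "block", "firewall-app"
    return "allow", "both"

# Constructed configurations mirroring the thread.
FILTER_NVR_ONLY = [Rule("allow", "tcp", "lan", "nvr"), Rule("block")]   # strict filter
FILTER_PERMISSIVE = [Rule("allow")]                                      # filter lets all through
FIREWALL_BLOCK_ANY = [Rule("block")]                                     # trailing "block any" only
FIREWALL_WITH_NVR = [Rule("allow", "tcp", "lan", "nvr"), Rule("block")]  # NVR rule before block any

if __name__ == "__main__":
    print(evaluate(FILTER_NVR_ONLY, FIREWALL_BLOCK_ANY, "tcp", "lan", "nvr"))    # ('block', 'firewall-app')
    print(evaluate(FILTER_NVR_ONLY, FIREWALL_WITH_NVR, "tcp", "lan", "nvr"))     # ('allow', 'both')
    print(evaluate(FILTER_PERMISSIVE, FIREWALL_BLOCK_ANY, "icmp", "lan", "nvr")) # ('allow', 'kernel-only')
```

The last case is the ping trap from #18: with a permissive filter, an ICMP test passes even though the Firewall app ends in "block any", so a TCP/UDP test (or a filter-level block) is needed to prove the policy.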

  9. #19
    Untanglit
    Join Date: May 2021
    Location: Nova Scotia, CA
    Posts: 20

    I agree 100% with you, keeping the filter rules simple makes managing the Firewall app easier, and yes, log visibility is paramount for management. This forum is helping me understand, configure and optimize my product, which is great. Thanks to you, btw.

    As I am learning every day about Untangle, this seems to be a very powerful and complete piece of software when you include the apps. I intend to purchase the Home Protect Plus ($150) license, but I need to test a bit more to see if I really need the Pro. I set up OpenVPN and it works as intended (like my pfSense) (WireGuard VPN Blade). The only other difference is the Virus Blocker Lite and Threat Prevention blades. I just need to test and see if they are worth the extra $100 (which, to be honest, is not that much considering what you get).

  10. #20
    Untangle Ninja sky-knight
    Join Date: Apr 2008
    Location: Phoenix, AZ
    Posts: 26,038

    The WireGuard module needs to cook a bit... I could take it or leave it at present. The future of it, however, is quite bright; it just needs some time. But Threat Prevention is an... interesting tool.

    I'm still trying to fully get my head around it as well. But, it affords the ability to reputation check every single session that transits the device. So in theory, if a virus makes it inside the walls it can't communicate with its control server... regardless of port or protocol.

    It won't stop the initial infection, but in theory it can prevent that initial infection from getting worse. Specifically it has the theoretical ability to halt a crypto before it actually starts encryption... because the bug won't be able to phone home with the key. It's utterly unique on the market, nothing else does this.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com
