
Basic set of firewall rules for a very basic office

Hello,

I'm new to Sophos and am deploying my first firewall to a very basic client, and I just want to check whether what I have configured is a reasonable balance between security and functionality. I am just looking for opinions and whether I have missed anything major. I do understand setting security can be like measuring the length of a piece of string, so to speak.

Note: as I don't want to risk too many problems, I have just allowed everything LAN to LAN.

Also note I have a disabled 'deny LAN and WiFi to Internet' rule at the top so it can quickly be isolated in case of attack.

The allowed services for access to the web are:

DNS, FTP, HTTP, HTTPS, ICMP, ICMPv6, NTP, SIP, SIP-MSNmessenger, SNMP



Added TAGs
[edited by: Erick Jan at 8:13 AM (GMT -7) on 3 Jul 2024]
  • Hi,

    The blocking will only block outgoing traffic and should be the top rule.

    I would change any of your source to LAN and the network to improve security. Your mail setting is open, so change it to source ZONE to LAN and network to the LAN network.

    Unless you have IPv6 configured on your XG, I would remove the ICMPv6.

    Ian

    XG115W - v20.0.1 MR-1 - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.
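
The three points in the reply above (block rule on top, no "Any" source, no ICMPv6 without IPv6) can be checked mechanically before a ruleset goes live. The following is an added example, not code from the thread or from Sophos; the rule model, rule names, the "LAN network" object and the finding codes are constructed for illustration and do not reflect any Sophos export format.

```python
# Added example. The rule model and sample rules are constructed for
# illustration; this is not Sophos's export format.
ANY = "Any"
SERVICES = {"DNS", "FTP", "HTTP", "HTTPS", "ICMP", "ICMPv6", "NTP",
            "SIP", "SIP-MSNmessenger", "SNMP"}  # list from the question

def rule(name, action, src_zones, src_nets, dst_zones, services, enabled=True):
    return {"name": name, "action": action, "enabled": enabled,
            "src_zones": set(src_zones), "src_nets": set(src_nets),
            "dst_zones": set(dst_zones), "services": set(services)}

SAMPLE_RULES = [  # assumed to be evaluated top-down, first match wins
    rule("Deny LAN and WiFi to Internet", "drop", ["LAN", "WiFi"], [ANY],
         ["WAN"], [ANY], enabled=False),
    rule("LAN to LAN", "accept", ["LAN"], ["LAN network"], ["LAN"], [ANY]),
    rule("Web access", "accept", [ANY], [ANY], ["WAN"], SERVICES),
]

def audit(rules, ipv6_configured=False):
    """Return (rule name, finding code) pairs for the reply's three points."""
    findings = []
    first_allow_out = None  # index of the first enabled allow rule towards WAN
    for idx, r in enumerate(rules):
        outbound = bool(r["dst_zones"] & {"WAN", ANY})
        if r["action"] == "drop":
            # A block rule below an outbound allow rule never sees that
            # traffic, even once enabled, because the allow rule matches first.
            if outbound and first_allow_out is not None:
                findings.append((r["name"], "block-rule-not-on-top"))
            continue
        if not r["enabled"]:
            continue
        if ANY in r["src_zones"]:
            findings.append((r["name"], "source-zone-any"))
        if ANY in r["src_nets"]:
            findings.append((r["name"], "source-network-any"))
        if "ICMPv6" in r["services"] and not ipv6_configured:
            findings.append((r["name"], "icmpv6-without-ipv6"))
        if outbound and first_allow_out is None:
            first_allow_out = idx
    return findings

if __name__ == "__main__":
    for name, code in audit(SAMPLE_RULES):
        print(f"{name}: {code}")
```

The disabled block rule is checked for position on purpose: its placement only matters at the moment someone enables it, which is the worst time to discover it sits below an allow rule.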
