Default firewall ANY ANY policy allows microsoft netbios probes to the internet

Hi, I have always had a problem with the inclination to write default allow any any rules with XG and now with the new configuration wizard (very nice by the way, good job!) allow ANY ANY ANY from LAN to WAN is created that lets traffic like netbios port 137:139, 445 etc out to the internet. Not only an undesired behavior but will definitely flood the WAN with malicious traffic if you have any of the recent microsoft viruses in your LAN.

I generally like the wizard but perhaps a smaller selection of ports should be selected for initial configuration and connection to the internet.

0 rfcat_vk over 7 years ago

Hi Billybob,

that raises an interesting question, what was changed between MR7 and v17b. I don't see any dropped traffic from those ports on my main XG which has a server 2012 essentials running on the network. Now on the UTM I used to have rules specifically blocking those ports. But hadn't really given the same issue much thought on the XG.

Looks like another firewall rule to be added? Thank you for bringing that security hole tot e forums attention.

Ian

XG115W - v20.0.2 MR-2 - Home

XG on VM 8 - v21 GA

If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel