DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
Firewall Rules Vanished... 2860n
04 Oct 2013 16:46 #77879
by digitalquill
Firewall Rules Vanished... 2860n was created by digitalquill
All
Strange one here. Client of mine has 2860n installed (by me) and was configured such that the firewall controlled access to NAT routing, only allowing access to open ports from specific IP addresses. This involved a number of rules, but nothing groundbreaking in terms of the 2860n.
Today I come to make some changes and all the firewall rules have vanished.
At first I thought it or someone has upgraded firmware and wiped out all the settings, but this is clearly not the case, the Firmware version is the same and all other settings apart from the firewall settings are retained which they would not have been if it were a firmware upgrade.
No-one else has access to the router, remote admin is restricted to one external IP (My office).
Any thoughts? Is this an attack? Has someone compromised the router? Are there any known faults on the 2860 where it forgets settings?
I have of course changed all passwords including wifi keys, is there anything else one should do to shut the door?
How can I track down what is going on?
Thanks for any thoughts or help in advance
Matt Houldsworth
07 Oct 2013 10:48 #77888
by voodle
Replied by voodle on topic Re: Firewall Rules Vanished... 2860n
I've found out that if the filter rules can cause a loop state, the router clears them to keep a usable configuration.
What usually causes it that I've seen is setting Block / Pass if no further match and then setting which filter set it should branch to. I personally prefer to just avoid using those and use pass / block immediately making sure to put the pass rules first.
Also, if you're not using objects & groups with the firewall, I recommend doing so, those don't get cleared so it'll be much quicker to re-enter it all and you can have much more useful filter rules imo.
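The branching loop voodle describes can be checked for before a rule set is entered. This is an added example, not code from the thread or from DrayTek: the rule model (action names, `branch_to`) is a hypothetical simplification and the sample filter sets are constructed.

```python
from typing import Dict, List, Optional, Tuple

# Hypothetical model: a rule is (action, branch_to). Only the deferred
# "if no further match" actions are treated as following a branch target.
Rule = Tuple[str, Optional[int]]
DEFERRED = {"pass_if_no_further_match", "block_if_no_further_match"}


def branch_graph(filter_sets: Dict[int, List[Rule]]) -> Dict[int, List[int]]:
    """Build set -> set edges created by deferred rules that branch."""
    graph: Dict[int, List[int]] = {set_id: [] for set_id in filter_sets}
    for set_id, rules in filter_sets.items():
        for action, branch_to in rules:
            if action in DEFERRED and branch_to is not None:
                graph[set_id].append(branch_to)
                graph.setdefault(branch_to, [])
    return graph


def find_loops(filter_sets: Dict[int, List[Rule]]) -> List[List[int]]:
    """Return each branch cycle as a path that ends where it started."""
    graph = branch_graph(filter_sets)
    WHITE, GREY, BLACK = 0, 1, 2  # unvisited, on current path, finished
    state = {node: WHITE for node in graph}
    loops: List[List[int]] = []

    def visit(node: int, path: List[int]) -> None:
        state[node] = GREY
        path.append(node)
        for nxt in graph[node]:
            if state[nxt] == GREY:  # branch back into the current path
                loops.append(path[path.index(nxt):] + [nxt])
            elif state[nxt] == WHITE:
                visit(nxt, path)
        path.pop()
        state[node] = BLACK

    for node in sorted(graph):
        if state[node] == WHITE:
            visit(node, [])
    return loops


# Constructed samples: set 3 branches back to set 1; the second only goes forward.
LOOPING = {
    1: [("pass_immediately", None), ("block_if_no_further_match", 2)],
    2: [("pass_if_no_further_match", 3)],
    3: [("block_if_no_further_match", 1)],
}
FORWARD_ONLY = {
    1: [("pass_immediately", None), ("block_if_no_further_match", 2)],
    2: [("block_immediately", None)],
}
```

`find_loops(LOOPING)` reports the path 1, 2, 3, 1, while `find_loops(FORWARD_ONLY)` returns an empty list because a single forward branch never returns to an earlier set.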
08 Oct 2013 09:06 #77892
by digitalquill
Replied by digitalquill on topic Re: Firewall Rules Vanished... 2860n
Hi
Voodle, Thanks for the reply, I am fairly sure there were no loops, I did have it branching to another rule set, but I don't see anything wrong with that.
Surely a router that removes all Firewall rules and turns the firewall off is a fundamental security flaw?
I was advised by DrayTek that the 2860n was PCI compliant where having a strong firewall is critical, if it has a habit of turning off the firewall and allowing any traffic in this is a serious issue for us as we face significant fines for not being PCI compliant.
Matt Houldsworth