DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Firewall configuration help - a long read

10 Nov 2018 14:02 #1 by angusk
Hello all,

I am finding this Vigor 2862 a very complicated beast compared to the Netgear SRXN3205 it is replacing. On that, all the LAN-2-LAN VPN traffic bypassed the firewall so all I needed to worry about was inbound and outbound traffic. Plus it was really easy to select the default inbound and outbound rules to 'block', then specify what inbound traffic was routed to the server. All outbound traffic, no matter what the source, was filtered by the rules before it was sent on its way. No need to worry about DMZs or what protocol it was using. Simples.

Now, I'm pretty sure that everybody out there who understands the 2862 (and others in the 2800 series generally) will be saying, "Fine, the Vigors do that as well", but to be completely honest I'm struggling. Perhaps I'm getting a bit old for this, but I do not find the Vigor an intuitive experience, and the wording in the manual is leaving me even more confused. I am familiar with router configuration, but I am only an experienced amateur, have no formal IT qualifications, and this device has me stumped.

What I have done is set up the server as being the destination for a DMZ (under the NAT -> DMZ Host menu), and at least the server is receiving e-mail now. The default rule (Firewall -> General Setup -> Default Rule) has been set to Block. I've set up all the ports associated with particular functions as Service Type Objects, and grouped them as Service Type Groups. I've then created a bunch of outbound rule sets (10 in total) which are set up as 'LAN/DMZ/RT/VPN -> WAN'. Some allow the printers to fetch updates from the Internet and send e-mails, some block anything other than the server from sending e-mail directly (excepting the printers). The details may or may not be important to the problems I'm having, but I'll presume that since the basis of the rules was the firewall settings of the Netgear that they are probably ok. I've then got three outbound rules, again using the Service Type Groups to do things like allow the server to send e-mail, access the web and handle the PPTP VPN traffic (Microsoft's remote desktop access to the server).

The problems I am experiencing are just weird. For example, I have my phone and home PC configured to collect e-mail using Active Sync. Most of the time this works. Sometimes I'm prompted for a password which, when I just click Retry, is accepted and I get mail. I also cannot seem to use the Microsoft PPTP VPN any longer. I just get another dialog box up asking for a password, which just makes me think it's not passing through to the server properly.

I have tried to test my firewall configuration using the Firewall -> Diagnostics, but all it says is "This packet is not handled by the firewall (6)", suggesting that everything is blocked (when I know that isn't the case). I find this a difficult tool to use as well.

Would anybody be willing to look over my configuration and advise?

Angus
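The post describes an ordered rule set built from Service Type Objects and Service Type Groups with the default rule set to Block. The following is an added illustration, not DrayTek code and not Angus's actual configuration: a small Python model of "first matching rule wins, otherwise the default rule applies", with a check for rules that can never fire because an earlier rule already covers them, and a check that every protocol a multi-protocol service needs is actually passed. The hosts (server, printer1, printer2, remote), rule names and rule order are constructed for the example. The only external fact it relies on is that PPTP needs both a TCP/1723 control connection and GRE.

```python
from dataclasses import dataclass
from typing import Optional, Tuple, FrozenSet, List, Dict


@dataclass(frozen=True)
class ServiceType:
    """One Service Type Object: a protocol plus an optional port (None for port-less GRE)."""
    name: str
    protocol: str
    port: Optional[int] = None

    def matches(self, protocol: str, port: Optional[int]) -> bool:
        return protocol == self.protocol and (self.port is None or self.port == port)

    def covers(self, other: "ServiceType") -> bool:
        """True if every packet matching `other` also matches this object."""
        return other.protocol == self.protocol and (self.port is None or self.port == other.port)


@dataclass(frozen=True)
class Rule:
    name: str
    direction: str                       # "out" = LAN -> WAN, "in" = WAN -> LAN
    services: Tuple[ServiceType, ...]    # the Service Type Group the rule refers to
    action: str                          # "pass" or "block"
    sources: FrozenSet[str] = frozenset()  # empty = any source host


def evaluate(rules: List[Rule], default: str, direction: str,
             protocol: str, port: Optional[int], src: str) -> Tuple[str, str]:
    """First matching rule wins; the default rule applies if nothing matches."""
    for rule in rules:
        if rule.direction != direction:
            continue
        if rule.sources and src not in rule.sources:
            continue
        if any(s.matches(protocol, port) for s in rule.services):
            return rule.action, rule.name
    return default, "default"


def shadowed_rules(rules: List[Rule]) -> List[Tuple[str, str]]:
    """(later, earlier) pairs where `earlier` already decides every packet `later` could match."""
    result = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if earlier.direction != later.direction:
                continue
            # `earlier` must cover all of `later`'s sources (empty sources = any host).
            if earlier.sources and not (later.sources and later.sources <= earlier.sources):
                continue
            if all(any(e.covers(s) for e in earlier.services) for s in later.services):
                result.append((later.name, earlier.name))
                break
    return result


def check_group(rules: List[Rule], default: str, direction: str,
                group: Tuple[ServiceType, ...], src: str) -> Dict[str, str]:
    """Verdict per service in a group; a VPN needing two protocols fails if either is blocked."""
    return {s.name: evaluate(rules, default, direction, s.protocol, s.port, src)[0] for s in group}


# Constructed Service Type Objects and Groups (hypothetical, for the illustration).
SMTP = ServiceType("SMTP", "tcp", 25)
SUBMISSION = ServiceType("SMTP submission", "tcp", 587)
HTTP = ServiceType("HTTP", "tcp", 80)
HTTPS = ServiceType("HTTPS", "tcp", 443)
PPTP_CTRL = ServiceType("PPTP", "tcp", 1723)
GRE = ServiceType("GRE", "gre")
MAIL = (SMTP, SUBMISSION)
WEB = (HTTP, HTTPS)
PPTP = (PPTP_CTRL, GRE)

# Constructed rule order: a broad block placed before the server's allow shadows it,
# and only the PPTP control channel is passed inbound, not GRE.
RULES = [
    Rule("printers may mail", "out", MAIL, "pass", frozenset({"printer1", "printer2"})),
    Rule("nobody else mails directly", "out", MAIL, "block"),
    Rule("server may mail", "out", MAIL, "pass", frozenset({"server"})),
    Rule("server web", "out", WEB, "pass", frozenset({"server"})),
    Rule("pptp to server", "in", (PPTP_CTRL,), "pass"),
]
DEFAULT = "block"

if __name__ == "__main__":
    print(evaluate(RULES, DEFAULT, "out", "tcp", 25, "server"))
    print(shadowed_rules(RULES))
    print(check_group(RULES, DEFAULT, "in", PPTP, "remote"))
```

Run stand-alone it reports that the server's outbound mail is blocked by the broad rule ahead of its allow, lists that allow as shadowed, and shows the inbound PPTP group passing TCP/1723 while GRE falls through to the default Block. Moving the specific allow above the broad block, and adding the missing protocol to the group, are the corresponding fixes in this toy model.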
