Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Firewall Policies best practices?

  • 1.  Firewall Policies best practices?

    Posted Feb 25, 2013 02:44 PM

    OK, so we have been using FW policies for quite a while now, but I was wondering what the consensus was for best practice?

     

    Should we create a bunch of individual deny rules, create a larger single deny rule for the entire policy, or create only allow policies and then deny all? I know there are a couple more ways to do this as well, but was wondering what the best practice is or if there is one.

     

    We currently have all our services/servers/destinations set up in aliases, and have some things grouped (DNS servers, Active Directory servers, etc.). This makes rule creation quite easy.

     

    On another note, is there any way to change the name of a rule after it's been created (we want to use a different naming convention...)?

     

    Thanks,

    Dan

     

     



  • 2.  RE: Firewall Policies best practices?

    Posted Feb 25, 2013 08:14 PM

    Well, for firewall rules you should always create the most specific rules first and the most general rules at the end.

     

    Let's say you have 5 rules: you create the most specific rule in number one, the second most specific rule in number two, and so on.

     

    Yes, always use aliases, that's a good practice... as you well said, it's easy to manage it that way.

     

    If you've got many servers to deny, no, don't do many rules for that; with just one alias which contains all the servers, that's the way... if you want to add another server, just add it to the alias... and that's it... always use aliases when you can, which are like a group of firewall objects.

    If you can build one rule instead of 5 individual rules for each server denying it, do so... don't do 5 rules denying the servers one by one...

    I don't know if that answers your questions; if not, please revert to me and try to explain it to me in an easier way. My native language is not English, but I'm willing to help if I can.

     

    Cheers

    Carlos



  • 3.  RE: Firewall Policies best practices?

    Posted Feb 25, 2013 09:13 PM

    That sounds like I am thinking about this the correct way.  This is what I am currently doing for one of our more restrictive roles (in this order):

     

    [permit]

    dhcpd-acl

    local dns servers (dns ports only udp/tcp)

    Active Directory

    File/print server

    local https/http services (2 servers)

    Wsus service

     

    [drop]

    All local networks (every private IP range)

     

    [permit]

    Allow all
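
The first-match ordering discussed in posts 2 to 4, as an added example that is not part of the original thread and is not Aruba configuration syntax: a small Python model of a subset of the policy above (DNS, Active Directory, drop private ranges, allow all) that evaluates traffic rule by rule and reports rules that can never match because an earlier, broader rule covers them. All alias names and addresses are constructed placeholders.

```python
from ipaddress import ip_address, ip_network

# Constructed aliases: every name and address below is a placeholder, not from the thread.
ALIASES = {
    "dns-servers": ["10.1.1.10/32", "10.1.1.11/32"],
    "ad-servers": ["10.1.2.0/28"],
    "private-nets": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"],
    "any": ["0.0.0.0/0"],
}

# (destination alias, protocol, port, action); None matches any protocol or port.
STUDENT_POLICY = [
    ("dns-servers", "udp", 53, "permit"),
    ("dns-servers", "tcp", 53, "permit"),
    ("ad-servers", None, None, "permit"),
    ("private-nets", None, None, "drop"),
    ("any", None, None, "permit"),
]

def nets(alias):
    return [ip_network(n) for n in ALIASES[alias]]

def covers(general, specific):
    """True if rule `general` matches every packet that `specific` matches."""
    g_alias, g_proto, g_port, _ = general
    s_alias, s_proto, s_port, _ = specific
    dst_ok = all(any(s.subnet_of(g) for g in nets(g_alias)) for s in nets(s_alias))
    return dst_ok and g_proto in (None, s_proto) and g_port in (None, s_port)

def evaluate(policy, dst, proto, port):
    """First match wins; return (rule position, action), implicit drop at the end."""
    addr = ip_address(dst)
    for pos, (alias, r_proto, r_port, action) in enumerate(policy, start=1):
        if (any(addr in n for n in nets(alias))
                and r_proto in (None, proto) and r_port in (None, port)):
            return pos, action
    return None, "drop"

def shadowed(policy):
    """Positions of rules that can never match because an earlier rule covers them."""
    return [j + 1 for j, rule in enumerate(policy)
            if any(covers(earlier, rule) for earlier in policy[:j])]

# Misordered variant: the broad drop moved to the top of the policy.
MISORDERED = [STUDENT_POLICY[3]] + STUDENT_POLICY[:3] + STUDENT_POLICY[4:]
```

Running `shadowed()` over a policy before deploying it catches the case where a general rule was placed above the specific permits it was meant to follow.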

     

     



  • 4.  RE: Firewall Policies best practices?

    Posted Feb 25, 2013 10:12 PM

    Just 3 rules and the most specific to the most general rule... looks good to me.



  • 5.  RE: Firewall Policies best practices?

    Posted Feb 26, 2013 11:51 AM

    Just an interesting tidbit.

     

    After implementing these policies for our students we have seen a noticeable positive impact on performance.  We were suspecting that we had a bit of traffic from student machines that was related to IP issues from their home networks, and/or networked printers or other devices at home.  Since we started restricting traffic and explicitly blocking all private IP ranges we are seeing better performance than ever... (we are also seeing a TON of blocked IP traffic to private IP ranges...)

     

    -Dan



  • 6.  RE: Firewall Policies best practices?

    Posted Feb 26, 2013 01:47 PM

    Good to know it's working better!!


    Cheers

    Carlos