Blocking a port permanently – WatchGuard Technologies FireboxTM System 4.6 User Manual


User Guide

45

Blocking a port permanently

2. In the Category list, click Blocked Sites.

3. Modify the logging and notification parameters according to your security policy preferences.

For detailed instructions, see “Customizing logging and notification by service or option” on page 76.

Blocking a port permanently

You can block ports to explicitly cut off external access to network services that are
vulnerable entry points to your network. The Blocked Ports list takes precedence over
all service properties. For more information on precedence, see Chapter 8, “Configure
Services.”

Blocking ports can be useful in several ways:

• Blocked ports provide an independent check to protect the most sensitive services.
Even if another part of your security policy is misconfigured, blocked ports provide
an additional defense for the most vulnerable services.

• Probes to particularly sensitive services can be logged independently.

• Some TCP/IP services that use ports greater than 1024 are vulnerable to attack if
the attacker originates the connection from an allowed well-known service port less
than 1024. Such connections can be attacked because, from the firewall's point of
view, they look like the allowed connection traveling in the opposite direction. You
should add the port numbers of such services to the Blocked Ports list.
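To make the precedence rule concrete, the following Python model is an added example, not WatchGuard code: the Blocked Ports list, the service rules and the packets are all constructed values. It evaluates a packet against the Blocked Ports list first and the service properties second, and shows how a connection arriving from an allowed well-known source port would otherwise reach a high-numbered service.

```python
from dataclasses import dataclass

# Constructed sample of blocked destination ports (not the Firebox 4.6 default list).
# The Blocked Ports list is consulted before any service rule.
BLOCKED_PORTS = {111, 2049, 6000}


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass(frozen=True)
class ServiceRule:
    """Simplified stand-in for a service property that admits inbound traffic
    whose *source* port is an allowed well-known service (the pattern the
    manual warns about). Hypothetical; not how Policy Manager stores rules."""
    name: str
    allowed_src_port: int


# Hypothetical rule set: return traffic keyed on source ports below 1024.
SERVICE_RULES = [ServiceRule("ftp-data-return", 20), ServiceRule("dns-return", 53)]


def evaluate(packet, blocked_ports=BLOCKED_PORTS, rules=SERVICE_RULES):
    """Return (verdict, reason). Blocked Ports take precedence over all
    service properties, as the manual states."""
    if packet.dst_port in blocked_ports:
        return "deny", f"blocked-port {packet.dst_port}"
    for rule in rules:
        if packet.src_port == rule.allowed_src_port:
            return "allow", f"service {rule.name}"
    return "deny", "no matching service"


def blocked_port_hits(packets, blocked_ports=BLOCKED_PORTS):
    """Independent log of probes to the sensitive services, one line per hit,
    mirroring the separate 'Blocked Ports' logging category."""
    return [f"BLOCKED_PORT src={p.src_ip}:{p.src_port} dst={p.dst_ip}:{p.dst_port}"
            for p in packets if p.dst_port in blocked_ports]
```

Running `evaluate` with an empty `blocked_ports` set on a packet from source port 20 to destination port 2049 shows the gap the list closes: the service rule alone allows it.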

By default, Policy Manager blocks quite a few destination ports. This measure
provides convenient defaults that many administrators find sufficient. However,
additional ports can be added to the Blocked Ports list. From Policy Manager:

1. On the toolbar, click Blocked Ports.

You can also select Setup => Blocked Ports.

2. In the text box to the left of the Add button, type the port number. Click Add.

The new port number appears at the bottom of the Blocked Ports list.

Removing a blocked port

From the Blocked Ports dialog box, click a port number in the Blocked Ports list.
Click Remove.

Logging and notification for blocked ports

From the Blocked Ports dialog box:

1. Click Logging.

The Logging and Notification dialog box appears.

2. In the Category list, click Blocked Ports.

3. Modify the logging and notification parameters according to your security policy preferences.

For detailed instructions, see “Customizing logging and notification by service or option” on page 76.
