Chapter 7: Blocking Sites and Ports, Configuring default packet handling – WatchGuard Technologies Firebox™ System 4.6 User Manual

CHAPTER 7

Blocking Sites and Ports

Many types of network security attacks are easily identified by patterns found in
packet headers. Port space probes, address space probes, and spoofing attacks all
exhibit characteristic behavior that a good firewall can recognize and protect against.

WatchGuard allows both manual and dynamic blocking of ports and sites, and uses
default packet-handling options to automatically and temporarily block hosts that
originate probes and attacks. Logging options can assist you in identifying suspect
sites that repeatedly exhibit suspicious behavior. You can then manually and
permanently block a suspect site. In addition, you can protect ports with known
vulnerabilities by blocking their unauthorized use.

Configuring default packet handling

The WatchGuard Firebox System examines and handles packets according to default
packet-handling options that you set. The firewall examines the source of the packet
and its intended destination by IP address and port number. It also watches for
patterns in successive packets that indicate unauthorized attempts to access the
network.

The default packet-handling configuration determines whether and how the firewall
handles incoming communications that appear to be attacks on a network. Packet
handling can:

• Reject potentially threatening packets

• Automatically block all communication from a source site

• Add an event to the log

• Send notification of potential security threats
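
The header-pattern checks and temporary auto-blocking described above can be sketched as follows. This is an added example, not WatchGuard code: the thresholds, time window, block duration and all class and function names are assumptions, and the packet headers are constructed from documentation address ranges.

```python
from collections import defaultdict

# Assumed values for illustration; not WatchGuard's thresholds or timers.
PORT_THRESHOLD = 10    # distinct ports probed on one destination host
ADDR_THRESHOLD = 10    # distinct destination hosts probed
WINDOW = 60            # seconds of packet history considered per source
BLOCK_SECONDS = 1200   # length of the temporary auto-block


class ProbeDetector:
    def __init__(self):
        self.history = defaultdict(list)  # src -> [(ts, dst, dport)]
        self.blocked_until = {}           # src -> block expiry time
        self.log = []                     # (ts, src, event) entries

    def handle(self, ts, src, dst, dport):
        """Return 'deny' or 'allow' for one packet header."""
        if self.blocked_until.get(src, 0) > ts:
            return "deny"                 # source is still auto-blocked
        recent = [p for p in self.history[src] if ts - p[0] <= WINDOW]
        recent.append((ts, dst, dport))
        self.history[src] = recent
        ports = {p for _, d, p in recent if d == dst}  # ports on this host
        hosts = {d for _, d, _ in recent}              # hosts touched
        if len(ports) >= PORT_THRESHOLD:
            return self._block(ts, src, "port space probe")
        if len(hosts) >= ADDR_THRESHOLD:
            return self._block(ts, src, "address space probe")
        return "allow"

    def _block(self, ts, src, event):
        self.blocked_until[src] = ts + BLOCK_SECONDS  # temporary block
        self.history.pop(src, None)
        self.log.append((ts, src, event))             # event for the log
        return "deny"


def run_sample():
    """Run constructed packet headers, one per second per source."""
    det = ProbeDetector()
    out = {"portscan": [], "sweep": [], "client": []}
    for i in range(12):
        # One source walks ports on a host, one walks hosts on a port,
        # and one ordinary client repeats a single connection.
        out["portscan"].append(det.handle(i, "203.0.113.5", "192.0.2.10", 20 + i))
        out["sweep"].append(det.handle(i, "198.51.100.7", f"192.0.2.{i + 1}", 80))
        out["client"].append(det.handle(i, "198.51.100.50", "192.0.2.10", 443))
    return det, out
```

Both probing sources are denied from their tenth packet onward and each produces one log entry, while the ordinary client is never blocked.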

From Policy Manager in the Advanced view:

1. Select Setup => Default Packet Handling.