Juniper Netscreen 5gt as firewall - need advice

Posted on 2006-05-04
Last Modified: 2013-11-16
I have never configured a firewall before and I need some advice...

At my facility I would like to segregate the Office area from the Plant/Production area with a firewall to monitor and filter traffic.  The plant/production area is mission critical to our business and I want to limit the chances of a virus on someone's PC spreading to the plant area.  What we have done is put a Juniper Netscreen 5gt between the plant and office areas and it physically links the two areas together.  We already set up several rules on the Netscreen to monitor traffic/data that is passing through it so that we can get a better idea of what ports are being used.

As far as I can tell, here are the types of traffic that need to be able to pass between the office and plant:

type:              port:
http                80
dns                53
icmp              512
file and print

Should I only allow communications on certain ports?  Or should I just block certain ports?
Question by:philmaceri
    LVL 9

    Expert Comment

    The best rule of thumb is deny all, and allow by exception,
    meaning you block everything unless it is something that is needed, and then you make an exception and allow it through.

    That is the best security practice.
    LVL 9

    Accepted Solution

    But also, don't just block/allow ports; allow/block them in the direction they need to go.

    Meaning if 53 only needs to come in from the office area, then only allow it in, and block it out, etc.
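
Added example, not part of the original thread or of either poster's answer: a small Python model of the "deny all, allow by exception, per direction" policy described above, run over a constructed session log like the one the monitoring rules would produce. The zone names, the chosen direction (office to plant), and TCP 445 standing in for "file and print" are assumptions made for illustration.

```python
from typing import NamedTuple

class Flow(NamedTuple):
    src_zone: str   # zone of the host that opened the session
    dst_zone: str   # zone of the host that answered
    proto: str
    dport: int

# Constructed allow list: the only exceptions to the default deny, each tied
# to one direction. Zone names and directions are assumptions for this example.
ALLOW = {
    Flow("office", "plant", "tcp", 80),    # http
    Flow("office", "plant", "udp", 53),    # dns
    Flow("office", "plant", "tcp", 445),   # file and print (assumed SMB)
}

def decide(flow, allow=ALLOW):
    """Permit only an exact zone-pair/protocol/port match; all else is denied."""
    return "permit" if flow in allow else "deny"

def audit(flows, allow=ALLOW):
    """Classify logged sessions and list exceptions that never matched."""
    report = {"permit": [], "deny": [], "wrong_direction": []}
    for f in flows:
        verdict = decide(f, allow)
        report[verdict].append(f)
        # Denied here although the mirror-image session is allowed: the port
        # is open one way only, which is what directional rules are for.
        mirror = f._replace(src_zone=f.dst_zone, dst_zone=f.src_zone)
        if verdict == "deny" and mirror in allow:
            report["wrong_direction"].append(f)
    # Exceptions with no matching traffic are candidates for removal.
    report["unused_rules"] = sorted(allow - set(flows))
    return report

# Constructed session log: initiator zone, responder zone, protocol, port.
SAMPLE_LOG = [
    Flow("office", "plant", "tcp", 80),
    Flow("office", "plant", "udp", 53),
    Flow("plant", "office", "udp", 53),    # same port, opposite direction
    Flow("office", "plant", "tcp", 3389),  # never listed as an exception
]

if __name__ == "__main__":
    for key, items in audit(SAMPLE_LOG).items():
        print(key, items)
```

The model matches on who initiates the session; a stateful firewall such as the Netscreen lets reply traffic for a permitted session back through without a second rule.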
