
Juniper Netscreen 5gt as firewall - need advice

I have never configured a firewall before and I need some advice...

At my facility I would like to segregate the Office area from the Plant/Production area with a firewall to monitor and filter traffic. The plant/production area is mission critical to our business and I want to limit the chances of a virus on someone's PC spreading to the plant area. What we have done is put a Juniper Netscreen 5gt between the plant and office areas, and it physically links the two areas together. We already set up several rules on the Netscreen to monitor the traffic/data that is passing through it so that we can better get an idea of what ports are being used.

As far as I can tell, here is the type of traffic that needs to be able to pass between the office and plant:

type:            port:
http             80
dns              53
icmp             512
file and print   (not specified)

Should I only allow communications on certain ports?  Or should I just block certain ports?
1 Solution
The best rule of thumb is deny all, and allow by exception.
Meaning you block everything unless it is something that is needed, and then you make an exception and allow it through.

That is the best security practice.
But also don't just block/allow ports; allow/block them in the direction they need to go.

Meaning if 53 only needs to come in from the office area, then only allow it in, and block it out, etc.
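As an added illustration (not from the original thread), this is what a deny-all, allow-by-exception, per-direction policy set could look like in the ScreenOS CLI on a 5GT. It assumes the plant network sits in the Trust zone and the office in the Untrust zone, uses constructed address ranges, narrows "file and print" to SMB (TCP/445) and NetBIOS session (TCP/139), and handles ICMP echo with the predefined PING service rather than a port number; lines beginning with # are annotations, not CLI input.

```screenos
# Assumptions (not from the thread): plant LAN behind the Trust zone,
# office LAN behind the Untrust zone. Address ranges are constructed samples.

# Turn off the permissive default so only explicit exceptions pass.
unset policy default-permit-all

# Name the two networks (constructed sample ranges).
set address "Trust"   "plant-net"  10.10.0.0 255.255.0.0
set address "Untrust" "office-net" 10.20.0.0 255.255.0.0

# Custom services for Windows file and print sharing; ICMP echo uses the
# built-in PING service, since ICMP has no port number.
set service "SMB-445" protocol tcp src-port 0-65535 dst-port 445-445
set service "NB-139"  protocol tcp src-port 0-65535 dst-port 139-139
set group service "file-print" add "SMB-445"
set group service "file-print" add "NB-139"

# Office -> plant: allow only what the plant must receive, and log it.
set policy id 1 from "Untrust" to "Trust" "office-net" "plant-net" "HTTP"       permit log
set policy id 2 from "Untrust" to "Trust" "office-net" "plant-net" "DNS"        permit log
set policy id 3 from "Untrust" to "Trust" "office-net" "plant-net" "PING"       permit log
set policy id 4 from "Untrust" to "Trust" "office-net" "plant-net" "file-print" permit log

# Plant -> office: only what the plant itself needs to initiate (here just
# ping); DNS and HTTP are deliberately NOT opened in this direction.
set policy id 5 from "Trust" to "Untrust" "plant-net" "office-net" "PING" permit log

# Explicit, logged deny-all in both directions, placed last so that blocked
# traffic shows up in the logs instead of disappearing silently.
set policy id 98 from "Untrust" to "Trust" "Any" "Any" "ANY" deny log
set policy id 99 from "Trust" to "Untrust" "Any" "Any" "ANY" deny log
save
```

Watch the logs from the two deny policies for a while before tightening further: anything legitimate that was missed will show up there, which is safer than guessing at ports in advance.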