Solved

Is it reasonably safe to uncheck autoblock source of packets not handled?

Posted on 2008-10-02
2
927 Views
Last Modified: 2013-11-16
Trying to troubleshoot some performance issues with a certain website that we subscribe to, I installed pingplotter at the suggestion of the vendor. Pinging/trace routing the site caused it to be blocked by our Firebox, due to the "autoblock source of packets not handled" option. Watchguard suggested that we uncheck  autoblock source of packets not handled and that it would be ok to do so.

What are the thoughts out there about this? I'm guessing it is probably OK to do so while I'm testing, but what about leaving it that way? Am I inadvertently blocking other legitimate sites? (I know, I should check the logs to answer that question).

There isn't really a solution to the Q - but I'd like to have some info to make an informed decision.

thanks for any input.
0
Comment
Question by:youngslim
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 32

Accepted Solution

by:
dpk_wal earned 200 total points
ID: 22626053
No problems in leaving that option disabled always; in the latest version of software and even in 9.x the option is disabled by default.

Let's first understand what this option implies; let's say you are not hosting any servers and by default all incoming traffic coming on the external interface of the firebox from the internet would be denied; if the option is enabled; in addition to denying the packets (default behavior no configuration needed for this) the firewall in addition block the source of packets and put them under blocked sites [System Manager->Blocked site tab]. If the option is disabled the firewall continues to deny the packet; just does not put the source of IP under blocked site.

What you loose; if you are a target of some port scan and the IP is under blocked list, then the firewall would not attempt to see if the rules permit/deny the requested port/protocol; thus saving CPU cycle.

Hope this help; please let know if you need more details.

Thank you.
0
 

Author Closing Comment

by:youngslim
ID: 31502443
That was a good, informative answer. Thanks,

0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
Network ports are the threads that hold network communication together. They are an essential part of networking that can be easily ignore or misunderstood, my goals is to show those who don't have a strong network foundation how network ports opera…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question