Solved

Firewall Rule UDP - what is send/receive and such?

Posted on 2008-10-29
6
1,620 Views
Last Modified: 2013-11-29
When creating an access rule for a firewall, UDP traffic can be specified as Send, Receive, Send/Receive or Receive/Send. Can someone provide or reference the definition of each, and how to select the right one for a given access rule?
0
Comment
Question by:Vadim Rapp
  • 3
  • 3
6 Comments
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 22838642
Hey mate - your on the wrong side of the table aren't you?  lol

Bear in mind that UDP is a connectionless protocol, so unlike tcp which has the three-way handshake to establish communications, udp has to have a different method of working.

For ISAS rules, it operates from the standpoint that you are sitting inside the ISA server.....
for  example.

send is outbound from inside to external
receive is from external to internal
however, send is ALSO inbound OR outbound when the source is ISA itself.
receive is ALSO inbound OR outbound when the destination is ISA itself.

the send/receive  and receive/send are exactly the same as above but allow a response to return back through the filters.

Hope that clarifies a little?

Keith
0
 
LVL 40

Author Comment

by:Vadim Rapp
ID: 22839770
> the send/receive  and receive/send are exactly the same as above but allow a response to return back through the filters.
if it's connectionless, how does it know it's the response? maybe just timing coincidence?
0
 
LVL 40

Author Comment

by:Vadim Rapp
ID: 22839785
however, send is ALSO inbound OR outbound when the source is ISA itself.receive is ALSO inbound OR outbound when the destination is ISA itself.

Didn't quite follow this one, could you clarify a little, maybe with example.
0
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 500 total points
ID: 22843664
Although it is connectionless - ISA still makes a session so records that it has had an outbound or inbound request

For your second query, if the traffic is flowing between internal to external OR external to internal it passes 'through' the ISA interfaces from one area to the other.

However, what if the udp traffic is actually coming FROM the ISA server itself  ie localhost?

It would not matter if ISA was sending the traffic internally or if ISA sent it externally, in each case the localhost (ISA) is SENDING the traffic. Likewise, if the recipient of the UDP traffic was the ISA ITSELF, regardless of whether the traffic was coming from the internal interface OR the external interface, ISA/localhost would be RECEIVING the udp traffic.
0
 
LVL 40

Author Closing Comment

by:Vadim Rapp
ID: 31511248
Thanks, I see.

Re. being on the wrong side of the table - I guess EE's intent was exactly the _exchange_, rather than assisting the illiterate...
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 22843931
lol - hardly. Just used to seeing you answering questions rather than asking them :)
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

I know for anybody starting from Beginner to Expert in Networking knows what OSI model. But this tutorial is for freshers or those who are new to networking world. Why I am putting OSI in such simple and compact manner is because it enables you to k…
Microsoft's ISA Server has been its pre-eminent security product for about a decade and is still regarded amongst the well-informed as one of the best software firewalls and application gateways ever released, by any manufacturer. ISA Server has bee…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now