Does the Draytek 2820 firewall need to be configured to protect home network?

Hi,
Just bought a draytek 2820 ADSL router.

Looking though the menu, it has a new object-type setup for it's firewall.  Looking at the defaults it doesnt seem to actually block much apart from some LAN -> WAN netBIOS traffic.

Does this Router need futher configuration to protect the LAN?

I'm used to having routers where everything is blocked unless you unblock it, this looks quite different...
jmsjmsAsked:
Who is Participating?
 
plug1Connect With a Mentor Commented:
Yes, thats what I said, it wont allow any external traffic into your network without configuring allow rules in the firewall. Ive rolled out 25 of these across the UK in the last month.
0
 
asdlkfCommented:
I'd start with a "deny any any" rule and then start inserting permit statements before it...

0
 
plug1Commented:
ITs default is to block all incoming traffic and allow outgoing traffic. Even without the firewall the NAT alone wouldnt let anything by, but you need to add exceptions to the firewall to allow anything external onto your network.

Panic over :)
0
The new generation of project management tools

With monday.com’s project management tool, you can see what everyone on your team is working in a single glance. Its intuitive dashboards are customizable, so you can create systems that work for you.

 
jmsjmsAuthor Commented:
Yep I would agree if knew that the router needed to be setup, but what I need is confirmation as to wether this "security" router protects a LAN with it's settings out of the box.

J
0
 
jmsjmsAuthor Commented:
Sorry Plug.  Didnt see your post when I typed in my response above.  Thats my gut feeling and looking at the earlier Drayteks they have the same rules but please bear with me.

What made me worry is that on the 2820, the Firewall general setup page, under "Actions for filter"  has a dropdown list set to "Pass" for filter. (I've not seen this on earlier Drayteks) So it looks like the default is to pass traffic that goes through the rule set.

This would be be true in some other firewalls as they have a blocking rule at the bottom, as asdlkf suggests.
 
Perhaps the way the Draytek works is that the traffic is indeed passed, but passed to the Open Ports section and then only allowed though if it matches settings in the Open ports page?

I've not seen anything confirming this have you?

I appreciate that I'm being a bit thick-headed here but I need to be sure. :-)



0
 
jmsjmsAuthor Commented:
THanks for your help.  I've not got a complete explanation (maybe Draytek should update their manuals!) but I trust it now.
0
All Courses

From novice to tech pro — start learning today.