Solved

Does the Draytek 2820 firewall need to be configured to protect home network?

Posted on 2009-03-30
6
1,080 Views
Last Modified: 2013-11-16
Hi,
Just bought a draytek 2820 ADSL router.

Looking though the menu, it has a new object-type setup for it's firewall.  Looking at the defaults it doesnt seem to actually block much apart from some LAN -> WAN netBIOS traffic.

Does this Router need futher configuration to protect the LAN?

I'm used to having routers where everything is blocked unless you unblock it, this looks quite different...
0
Comment
Question by:jmsjms
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 11

Expert Comment

by:asdlkf
ID: 24021053
I'd start with a "deny any any" rule and then start inserting permit statements before it...

0
 
LVL 14

Expert Comment

by:plug1
ID: 24026556
ITs default is to block all incoming traffic and allow outgoing traffic. Even without the firewall the NAT alone wouldnt let anything by, but you need to add exceptions to the firewall to allow anything external onto your network.

Panic over :)
0
 

Author Comment

by:jmsjms
ID: 24026559
Yep I would agree if knew that the router needed to be setup, but what I need is confirmation as to wether this "security" router protects a LAN with it's settings out of the box.

J
0
The Ultimate Checklist to Optimize Your Website

Websites are getting bigger and complicated by the day. Video, images, custom fonts are all great for showcasing your product/service. But the price to pay in terms of reduced page load times and ultimately, decreased sales, can lead to some difficult decisions about what to cut.

 
LVL 14

Accepted Solution

by:
plug1 earned 250 total points
ID: 24026573
Yes, thats what I said, it wont allow any external traffic into your network without configuring allow rules in the firewall. Ive rolled out 25 of these across the UK in the last month.
0
 

Author Comment

by:jmsjms
ID: 24026931
Sorry Plug.  Didnt see your post when I typed in my response above.  Thats my gut feeling and looking at the earlier Drayteks they have the same rules but please bear with me.

What made me worry is that on the 2820, the Firewall general setup page, under "Actions for filter"  has a dropdown list set to "Pass" for filter. (I've not seen this on earlier Drayteks) So it looks like the default is to pass traffic that goes through the rule set.

This would be be true in some other firewalls as they have a blocking rule at the bottom, as asdlkf suggests.
 
Perhaps the way the Draytek works is that the traffic is indeed passed, but passed to the Open Ports section and then only allowed though if it matches settings in the Open ports page?

I've not seen anything confirming this have you?

I appreciate that I'm being a bit thick-headed here but I need to be sure. :-)



0
 

Author Closing Comment

by:jmsjms
ID: 31564354
THanks for your help.  I've not got a complete explanation (maybe Draytek should update their manuals!) but I trust it now.
0

Featured Post

Is your NGFW recommended by NSS Labs?

Ours is! NSS Labs Next Generation Firewall Test gives the WatchGuard Firebox M4600 a "Recommended" rating! Curious where your NGFW landed on the  Security Value Map? See the map and download the full report today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I found an issue or “bug” in the SonicOS platform (the firmware controlling SonicWALL security appliances) that has to do with renaming Default Service Objects, which then causes a portion of the system to become uncontrollable and unstable. BACK…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question