Firewall question

Medium Priority
Last Modified: 2012-06-27
My buddy was supporting a small business network (tree care company). The software application that had been sold to them under the guise of client-server software was actually a desktop database application kept on a shared folder on the server. The application was having performance issues and lockups, so my friend was in the process of reconfiguring the network when he got audited. As part of the reconfiguration, filtering on the SonicWall firewall was turned off. However, the firewall was still in place and NAT'd (private IP on the LAN port / public IP on the WAN port). The auditor, who is related to the software vendor, presented the 'finding' (of temporarily turning off the outbound internet traffic filtering) as a 'dire' security threat that is going to bring down this 20-user network and put the business at risk. Unfortunately the owner bought it and my buddy is being relieved of his responsibilities. The application response has improved (possibly after a software patch/upgrade by the software vendor, who was onsite with the auditor) and everything is now blamed on the firewall configuration. The public WAN IP is not used for email/web/ftp services, where the IP reputation would be at stake if a rogue machine inside the network acted up.

The question is
(1) Can someone on the public / WAN side (internet) easily traverse the NAT'd firewall and access/control a PC inside the network and put the business at risk in this situation?



I'm not terribly familiar with SonicWall firewalls so I'm not sure what the 'filtering' setting does, but just answering as a general firewall question... no, it is not 'easy'. NAT is certainly not the best security measure, but it is very good at hiding private IP identities from the world. Most breaches are due to holes or ports being left open in a firewall configuration and a hacker finding them with a port scan.

As long as access lists are configured very tightly to only allow the absolutely necessary traffic to flow through the firewall, breaches are unlikely. Certainly NAT wouldn't be considered a security hole.
Justin Owens, ITIL Problem Manager

Can it be done? Yes, absolutely anything can be done with enough time, skill, money, and desire. As gbakies suggests, though, it would not be ultra easy; then again, it would not be ultra hard, either. Turning off filtering on your firewall is just a bad idea.

Unless your friend has a vested interest, though, my advice to him would be to walk away and not worry about it. I took "relieved of his responsibilities" as being fired. If that is not the case, then the next step would be to do some research about firewalls and security and present a well-documented "case" for putting firewall filtering back in place.

Thanks gbakies/DrUltima

Yes, only outbound filtering was turned off.
The SonicWall TZ 210 had all inbound ports closed except for Terminal Services. The application running on the terminal server is a tree care order entry program. Total users: 15. No financial, personal Social Security, health or other privacy-sensitive data is being stored. The static IP address is also unpublished and does not show as belonging to the company.

I do think that the auditor was scaremongering
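To make the two answers above concrete, here is a small stateful NAT firewall model that replays the setup described in this thread (inbound closed except Terminal Services, outbound filtering off) against a tight egress allow-list. It is an added example, not code from the original post or from SonicWall: every address (TEST-NET ranges), the port forward to a hypothetical terminal server at 192.168.1.10, and the egress allow-list are constructed for illustration. It shows why an unsolicited probe against a NAT'd public IP has nowhere to go, why the one forwarded port (3389) is the actual inbound exposure, and what outbound filtering does and does not change.

```python
"""Stateful NAT firewall policy model (added example, not from the thread).

All addresses, the port forward and the rule sets are constructed for this
example; none of them come from the original post or from a real device.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

WAN_IP = "198.51.100.7"      # constructed public address (TEST-NET-2)
RDP_HOST = "192.168.1.10"    # hypothetical terminal server behind the NAT

@dataclass(frozen=True)
class Packet:
    direction: str   # "in" = arrives on the WAN port, "out" = arrives on the LAN port
    proto: str       # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    direction: str
    proto: Optional[str]   # None matches any protocol
    dport: Optional[int]   # None matches any destination port
    action: str            # "allow" or "deny"
    comment: str = ""

    def matches(self, pkt: Packet) -> bool:
        return (self.direction == pkt.direction
                and self.proto in (None, pkt.proto)
                and self.dport in (None, pkt.dport))

@dataclass
class NatFirewall:
    rules: List[Rule]                      # first match wins
    # Static port forwards: (proto, wan_port) -> (lan_host, lan_port)
    forwards: Dict[Tuple[str, int], Tuple[str, int]] = field(default_factory=dict)
    # NAT state for LAN-initiated flows: (proto, remote, rport, wan_port) -> (lan_host, lport)
    state: Dict[Tuple[str, str, int, int], Tuple[str, int]] = field(default_factory=dict)
    next_wan_port: int = 40000             # next ephemeral port the NAT hands out

    def policy(self, pkt: Packet) -> Tuple[str, str]:
        """Plain first-match rule lookup with default deny."""
        for rule in self.rules:
            if rule.matches(pkt):
                return rule.action, rule.comment
        return "deny", "default deny"

    def handle(self, pkt: Packet) -> Tuple[str, str]:
        if pkt.direction == "out":
            action, why = self.policy(pkt)
            if action == "allow":
                # Record a NAT mapping so the reply can find its way back in.
                self.state[(pkt.proto, pkt.dst, pkt.dport, self.next_wan_port)] = (pkt.src, pkt.sport)
                self.next_wan_port += 1
            return action, why
        if pkt.dst != WAN_IP:
            return "deny", "not addressed to the WAN IP"
        # Replies to flows the LAN opened come back in without consulting the rules.
        if (pkt.proto, pkt.src, pkt.sport, pkt.dport) in self.state:
            return "allow", "reply to a LAN-initiated flow"
        # Unsolicited inbound traffic has no LAN destination unless a forward exists.
        fwd = self.forwards.get((pkt.proto, pkt.dport))
        if fwd is None:
            return "deny", "no port forward: NAT has nowhere to send it"
        action, why = self.policy(pkt)
        return action, (f"{why} -> {fwd[0]}:{fwd[1]}" if action == "allow" else why)

def build(outbound_filtering: bool) -> NatFirewall:
    """The thread's setup: inbound closed except Terminal Services; egress on or off."""
    rules = [Rule("in", "tcp", 3389, "allow", "Terminal Services")]
    if outbound_filtering:
        rules += [Rule("out", "udp", 53, "allow", "DNS"),
                  Rule("out", "tcp", 80, "allow", "HTTP"),
                  Rule("out", "tcp", 443, "allow", "HTTPS"),
                  Rule("out", None, None, "deny", "egress default deny")]
    else:
        rules.append(Rule("out", None, None, "allow", "outbound filtering off"))
    return NatFirewall(rules=rules, forwards={("tcp", 3389): (RDP_HOST, 3389)})

def exposed_services(fw: NatFirewall) -> List[Tuple[str, int, str]]:
    """Audit helper: which forwarded ports does the policy actually let the internet reach?"""
    found = []
    for (proto, wan_port), (host, _lan_port) in sorted(fw.forwards.items()):
        probe = Packet("in", proto, "203.0.113.1", 1, WAN_IP, wan_port)
        if fw.policy(probe)[0] == "allow":
            found.append((proto, wan_port, host))
    return found

def run_scenarios(outbound_filtering: bool) -> Dict[str, str]:
    """Push constructed packets through the model and return the verdicts."""
    fw = build(outbound_filtering)
    lan_pc, scanner = "192.168.1.20", "203.0.113.50"   # constructed addresses
    return {
        # A LAN PC opens an HTTPS session; the server's reply must get back in.
        "https_out":   fw.handle(Packet("out", "tcp", lan_pc, 51000, "203.0.113.9", 443))[0],
        "https_reply": fw.handle(Packet("in", "tcp", "203.0.113.9", 443, WAN_IP, 40000))[0],
        # An internet scanner probes SMB on the public IP: nothing is forwarded.
        "smb_probe":   fw.handle(Packet("in", "tcp", scanner, 44444, WAN_IP, 445))[0],
        # The same scanner hits the forwarded RDP port: this one is reachable.
        "rdp_probe":   fw.handle(Packet("in", "tcp", scanner, 44445, WAN_IP, 3389))[0],
        # A compromised LAN PC phones home on an IRC port: only egress rules stop it.
        "c2_out":      fw.handle(Packet("out", "tcp", lan_pc, 51001, "203.0.113.77", 6667))[0],
    }

if __name__ == "__main__":
    for filtering in (False, True):
        print("outbound filtering", "on:" if filtering else "off:", run_scenarios(filtering))
    print("exposed to the internet:", exposed_services(build(True)))
```

Running it shows the point both answers make: with outbound filtering off or on, the SMB probe is dropped because NAT has no inside host to hand it to, while the forwarded RDP port is reachable from anywhere either way, so that single exception, not the NAT, is what a port scan would find. The only verdict that changes between the two rule sets is the outbound connection to port 6667, which is exactly what egress filtering is for: limiting what an already-compromised inside machine can do, not keeping attackers out.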
