• Status: Solved

WAN to LAN any to any is set to Deny

Hello,
I have some difficulty understanding how internet and other services are working when I have
WAN to LAN (any to any) policy on my TZ100 firewall set to Deny. LAN to WAN is set to Allow any to any.
Scan of an external IP address reveals no open ports; however everything seems to be working.

thanks
Asked: Andrei9
1 Solution
 
Neil Russell (Technical Development Lead) Commented:
Internet is not a WAN to LAN communication.
To deny internet access you would need to block port 80 outbound.
 
Andrei9 (Author) Commented:
Thanks, Neilsr.

But how does communication take place if nothing is open on WAN? How do packets enter LAN from WAN?
 
Neil Russell (Technical Development Lead) Commented:
When you open an outgoing IP connection to a given address, your firewall remembers who you're talking to, expects replies on a given port, and accepts them.

IF somebody tries to initiate a connection to you without that initial outgoing connection then THAT is where your WAN to LAN block comes into effect.

If you think about it, how else would you be able to go out on port 80 and talk to EVERY different website on the planet?
 
Andrei9 (Author) Commented:
Very good!
Thanks
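The connection tracking described in the answers above, as an added example that is not part of the original thread: a toy model of a stateful firewall, not SonicWall's implementation. The class, field and function names are hypothetical, the addresses are constructed documentation values, and NAT, state timeouts and TCP flag checks are left out.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src_zone: str   # zone the packet arrives from: "LAN" or "WAN"
    proto: str
    src: tuple      # (ip, port)
    dst: tuple      # (ip, port)

class StatefulFirewall:
    """Toy model: zone rules are consulted only for packets that start a new flow."""

    def __init__(self, rules):
        self.rules = rules    # {(from_zone, to_zone): "allow" | "deny"}
        self.conns = set()    # tracked flows, stored as (proto, initiator, responder)

    def handle(self, pkt):
        to_zone = "WAN" if pkt.src_zone == "LAN" else "LAN"
        forward = (pkt.proto, pkt.src, pkt.dst)
        reverse = (pkt.proto, pkt.dst, pkt.src)
        # Packets of a tracked flow, in either direction, bypass the zone rules.
        if forward in self.conns or reverse in self.conns:
            return "allow (established)"
        # Anything else starts a new flow and must pass the zone policy.
        if self.rules.get((pkt.src_zone, to_zone), "deny") == "allow":
            self.conns.add(forward)
            return "allow (new)"
        return "deny (policy)"

def demo():
    # The policy from the question: LAN to WAN allow, WAN to LAN deny.
    fw = StatefulFirewall({("LAN", "WAN"): "allow", ("WAN", "LAN"): "deny"})
    client = ("192.168.1.10", 51000)    # constructed LAN host
    web = ("198.51.100.7", 80)          # constructed web server
    other = ("203.0.113.9", 40000)      # constructed host the client never contacted
    return [
        fw.handle(Packet("LAN", "tcp", client, web)),    # outbound request
        fw.handle(Packet("WAN", "tcp", web, client)),    # reply to that request
        fw.handle(Packet("WAN", "tcp", other, client)),  # unsolicited inbound
        # Same server, but a client port with no tracked flow behind it.
        fw.handle(Packet("WAN", "tcp", web, ("192.168.1.10", 51001))),
    ]

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The last case shows that the state entry is per flow, not per remote host: a server the client is already talking to still cannot reach a port that no outbound connection opened.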
