?
Solved

WAN to LAN any to any is set to Deny

Posted on 2011-09-30
4
Medium Priority
?
801 Views
Last Modified: 2012-06-27
Hello,
I have some difficulty understanding how internet and other services are working when I have
WAN to LAN (any to any) policy on my TZ100 firewall set to Deny. LAN to WAN is set to Allow any to any.
Scan of an external IP address reveals no open ports; however everything seems to be working.

thanks
0
Comment
Question by:Andrei9
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 37

Expert Comment

by:Neil Russell
ID: 36892606
Internet is not a WAN to LAN communication.
to deny internet access you would need to block port 80 outbound
0
 

Author Comment

by:Andrei9
ID: 36892932
thanks Neilsr.

but how does communication take place if nothing is open on WAN? How do packets enter LAN from WAN?
0
 
LVL 37

Accepted Solution

by:
Neil Russell earned 2000 total points
ID: 36893818
When you open an outgoing IP connection to a given address your firewall remembers who your talking to and expects replies on a given port and accepts them.

IF somebody tries to initiate a connection to you without that initial outgoing connection then THAT is where your WAN to LAN block comes into effect.

If you think about it, how else would you be able to go out on port 80 and talk to EVERY different website on the planet?
0
 

Author Closing Comment

by:Andrei9
ID: 36893843
very good!
thanks
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
David Varnum recently wrote up his impressions of PRTG, based on a presentation by my colleague Christian at Tech Field Day at VMworld in Barcelona. Thanks David, for your detailed and honest evaluation!
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
Suggested Courses
Course of the Month8 days, 18 hours left to enroll

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question