WAN to LAN any to any is set to Deny

Hello,
I have some difficulty understanding how internet and other services are working when I have
WAN to LAN (any to any) policy on my TZ100 firewall set to Deny. LAN to WAN is set to Allow any to any.
A scan of the external IP address reveals no open ports; however, everything seems to be working.

Thanks
Andrei9 Asked:
 
Neil Russell, Technical Development Lead, Commented:
When you open an outgoing IP connection to a given address, your firewall remembers who you're talking to and expects replies on a given port and accepts them.

If somebody tries to initiate a connection to you without that initial outgoing connection, then THAT is where your WAN to LAN block comes into effect.

If you think about it, how else would you be able to go out on port 80 and talk to EVERY different website on the planet?
0
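A minimal model of the connection tracking described in the answer above, added as an example; it is not part of the original thread and not SonicWall's implementation. It assumes TCP flows keyed by the 5-tuple and ignores NAT, TCP state and timeouts; the class names and IP addresses are constructed for illustration.

```python
from typing import NamedTuple

class Packet(NamedTuple):
    src_zone: str   # zone the packet arrives from: "LAN" or "WAN"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"

class StatefulFirewall:
    """Hypothetical two-zone firewall with the policy from the question."""
    def __init__(self):
        # Zone rules apply only to NEW connections.
        self.rules = {("LAN", "WAN"): "allow", ("WAN", "LAN"): "deny"}
        self.connections = set()   # connection-tracking table of 5-tuples

    def handle(self, pkt: Packet) -> str:
        dst_zone = "WAN" if pkt.src_zone == "LAN" else "LAN"
        key = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        reply_key = (pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        # 1. Packets of an already tracked flow (either direction) skip the rules.
        if key in self.connections or reply_key in self.connections:
            return "allow (established)"
        # 2. Anything else is a new connection and is judged by zone policy.
        if self.rules[(pkt.src_zone, dst_zone)] == "allow":
            self.connections.add(key)
            return "allow (new)"
        return "deny (policy)"

def demo():
    fw = StatefulFirewall()
    # Constructed sample traffic (documentation address ranges).
    scan = Packet("WAN", "198.51.100.7", 40000, "192.168.1.10", 80)    # external port scan
    out = Packet("LAN", "192.168.1.10", 51000, "203.0.113.5", 80)      # browser opens a site
    reply = Packet("WAN", "203.0.113.5", 80, "192.168.1.10", 51000)    # the site's response
    stray = Packet("WAN", "203.0.113.5", 80, "192.168.1.10", 51001)    # same host, untracked port
    return [fw.handle(p) for p in (scan, out, reply, stray)]

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The reply is accepted only because it mirrors a flow the LAN host opened; the scan and the packet to an untracked port fall through to the WAN to LAN Deny rule.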
 
Neil Russell, Technical Development Lead, Commented:
Internet is not a WAN to LAN communication.
To deny internet access you would need to block port 80 outbound.
0
 
Andrei9 (Author) Commented:
Thanks, Neilsr.

But how does communication take place if nothing is open on WAN? How do packets enter LAN from WAN?
0
 
Andrei9 (Author) Commented:
Very good!
Thanks
0
Question has a verified solution.
