Solved

WAN to LAN any to any is set to Deny

Posted on 2011-09-30
4
799 Views
Last Modified: 2012-06-27
Hello,
I have some difficulty understanding how internet and other services are working when I have
WAN to LAN (any to any) policy on my TZ100 firewall set to Deny. LAN to WAN is set to Allow any to any.
Scan of an external IP address reveals no open ports; however everything seems to be working.

thanks
0
Comment
Question by:Andrei9
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 37

Expert Comment

by:Neil Russell
ID: 36892606
Internet is not a WAN to LAN communication.
to deny internet access you would need to block port 80 outbound
0
 

Author Comment

by:Andrei9
ID: 36892932
thanks Neilsr.

but how does communication take place if nothing is open on WAN? How do packets enter LAN from WAN?
0
 
LVL 37

Accepted Solution

by:
Neil Russell earned 500 total points
ID: 36893818
When you open an outgoing IP connection to a given address your firewall remembers who your talking to and expects replies on a given port and accepts them.

IF somebody tries to initiate a connection to you without that initial outgoing connection then THAT is where your WAN to LAN block comes into effect.

If you think about it, how else would you be able to go out on port 80 and talk to EVERY different website on the planet?
0
 

Author Closing Comment

by:Andrei9
ID: 36893843
very good!
thanks
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Large and small networks have one same need, Service monitoring. Service monitoring consists of watch services of the several servers in the network. To monitor means that the administrator will receive an alert when a service is down or it's state …
Data center, now-a-days, is referred as the home of all the advanced technologies. In-fact, most of the businesses are now establishing their entire organizational structure around the IT capabilities.
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question