Solved

WAN to LAN any to any is set to Deny

Posted on 2011-09-30
4
789 Views
Last Modified: 2012-06-27
Hello,
I have some difficulty understanding how internet and other services are working when I have
WAN to LAN (any to any) policy on my TZ100 firewall set to Deny. LAN to WAN is set to Allow any to any.
Scan of an external IP address reveals no open ports; however everything seems to be working.

thanks
0
Comment
Question by:Andrei9
  • 2
  • 2
4 Comments
 
LVL 37

Expert Comment

by:Neil Russell
ID: 36892606
Internet is not a WAN to LAN communication.
to deny internet access you would need to block port 80 outbound
0
 

Author Comment

by:Andrei9
ID: 36892932
thanks Neilsr.

but how does communication take place if nothing is open on WAN? How do packets enter LAN from WAN?
0
 
LVL 37

Accepted Solution

by:
Neil Russell earned 500 total points
ID: 36893818
When you open an outgoing IP connection to a given address your firewall remembers who your talking to and expects replies on a given port and accepts them.

IF somebody tries to initiate a connection to you without that initial outgoing connection then THAT is where your WAN to LAN block comes into effect.

If you think about it, how else would you be able to go out on port 80 and talk to EVERY different website on the planet?
0
 

Author Closing Comment

by:Andrei9
ID: 36893843
very good!
thanks
0

Featured Post

Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
increase internet speed 3 83
Decrypting SSL traffic in wireshark 7 91
Sonicwall will not export settings 4 66
Fortigate 100D NTP Issue 4 51
I found an issue or “bug” in the SonicOS platform (the firmware controlling SonicWALL security appliances) that has to do with renaming Default Service Objects, which then causes a portion of the system to become uncontrollable and unstable. BACK…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now