WAN to LAN any to any is set to Deny

Posted on 2011-09-30
Medium Priority
Last Modified: 2012-06-27
I have some difficulty understanding how internet and other services are working when I have the
WAN to LAN (any to any) policy on my TZ100 firewall set to Deny. LAN to WAN is set to Allow any to any.
A scan of an external IP address reveals no open ports; however, everything seems to be working.

Question by:Andrei9

Expert Comment

by:Neil Russell
ID: 36892606
Internet is not a WAN to LAN communication.
To deny internet access you would need to block port 80 outbound.

Author Comment

ID: 36892932
Thanks Neilsr.

But how does communication take place if nothing is open on the WAN? How do packets enter the LAN from the WAN?

Accepted Solution

Neil Russell earned 2000 total points
ID: 36893818
When you open an outgoing IP connection to a given address, your firewall remembers who you're talking to, expects replies on a given port, and accepts them.

If somebody tries to initiate a connection to you without that initial outgoing connection, then THAT is where your WAN to LAN block comes into effect.

If you think about it, how else would you be able to go out on port 80 and talk to EVERY different website on the planet?
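The behaviour Neil describes in both comments (replies to LAN-initiated flows pass despite the WAN to LAN deny, unsolicited inbound connections are dropped, and internet access is cut by an outbound block on port 80 rather than by the WAN to LAN rule) is a state table keyed on the connection's 5-tuple. The following simulation is an added example, not code from this thread or from SonicWall; the zone names, the hypothetical `outbound_block_ports` option, and the IP addresses (private and RFC 5737 documentation ranges) are constructed for illustration.

```python
"""Toy stateful firewall: zone policy plus a connection table.

Constructed example. Policy mirrors the TZ100 in the question:
  LAN -> WAN : allow any to any
  WAN -> LAN : deny  any to any
"""
from dataclasses import dataclass

LAN = "LAN"
WAN = "WAN"


@dataclass(frozen=True)
class Packet:
    src_zone: str
    dst_zone: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


class StatefulFirewall:
    """Zone rules for *new* flows; a state table lets replies through."""

    def __init__(self, policy, outbound_block_ports=()):
        # policy: {(src_zone, dst_zone): "allow" | "deny"}; unknown pairs deny.
        self.policy = policy
        # Assumed extra egress filter, modelling "block port 80 outbound".
        self.outbound_block_ports = set(outbound_block_ports)
        # Flows the firewall has already seen initiated, keyed on the 5-tuple.
        self.state = set()

    @staticmethod
    def flow_key(p):
        return (p.proto, p.src_ip, p.src_port, p.dst_ip, p.dst_port)

    @staticmethod
    def reverse_key(p):
        # The reply to a flow has source and destination swapped.
        return (p.proto, p.dst_ip, p.dst_port, p.src_ip, p.src_port)

    def filter(self, p):
        # 1. A reply to a flow in the state table is accepted regardless of
        #    the zone policy: this is why WAN->LAN deny does not break browsing.
        if self.reverse_key(p) in self.state:
            return "allow (established)"
        # 2. Anything else is a new flow and must pass the zone policy.
        verdict = self.policy.get((p.src_zone, p.dst_zone), "deny")
        if verdict == "allow" and p.src_zone == LAN and p.dst_port in self.outbound_block_ports:
            return "deny (egress port blocked)"
        if verdict == "allow":
            self.state.add(self.flow_key(p))
            return "allow (new)"
        return "deny (policy)"


def run_scenario(block_ports=()):
    """Replay a handful of constructed packets; returns (label, verdict) pairs."""
    fw = StatefulFirewall({(LAN, WAN): "allow", (WAN, LAN): "deny"}, block_ports)
    results = []
    # LAN host opens a connection to a web server on the Internet.
    syn = Packet(LAN, WAN, "192.168.1.10", 51514, "203.0.113.5", 80)
    results.append(("lan->web syn", fw.filter(syn)))
    # The server's reply comes back WAN->LAN on the reversed 5-tuple.
    synack = Packet(WAN, LAN, "203.0.113.5", 80, "192.168.1.10", 51514)
    results.append(("web->lan reply", fw.filter(synack)))
    # An unsolicited scan from the Internet hits the zone policy and is denied.
    scan = Packet(WAN, LAN, "198.51.100.7", 40000, "192.168.1.10", 22)
    results.append(("wan scan", fw.filter(scan)))
    # Right server, wrong source port: no matching state, so it is a new flow.
    bogus = Packet(WAN, LAN, "203.0.113.5", 443, "192.168.1.10", 51514)
    results.append(("wrong-port reply", fw.filter(bogus)))
    return results


if __name__ == "__main__":
    for label, verdict in run_scenario():
        print(f"{label:18} {verdict}")
    print("--- with port 80 blocked outbound ---")
    for label, verdict in run_scenario(block_ports=(80,)):
        print(f"{label:18} {verdict}")
```

With the default policy the SYN is allowed and recorded, the server's reply is accepted as established, and both the scan and the mis-addressed "reply" are denied. Re-running with port 80 blocked outbound denies the SYN at egress, so no state entry is created and the reply is then dropped by the WAN to LAN rule. A real firewall's connection tracker also checks TCP flags and sequence numbers and ages entries out, which this toy omits.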

Author Closing Comment

ID: 36893843
very good!

