Firewall Best Practices

Hello Experts,

I was just wondering if anyone knew any best practices of firewall devices or could answer this question:  Should I be restricting outgoing traffic as well?  I only restrict things coming into the network and was wondering what the best practices are for implementing firewall hardware appliances.

Thanks in advance,

Blue Street Tech, Last Knights, commented:

In general, filtering outbound is overkill unless you are mandated to by compliance (PCI-DSS, HIPAA, etc.) or internal policy (as @stu29 pointed out).

Keep in mind that, depending on the architecture and size of your network, it adds a fair amount of complexity and management, especially initially during the shakeout period. Take into consideration that segmenting your network will make things easier if you do so. For example, the WLAN should be on its own interface, subnet & zone, and within the pool of your wireless devices I'd segment between laptops and mobile devices (tablets & smartphones) due to the different types of security risks and traffic that are unique to those form factors. That way you have different WLAN VLANs for both sub-types of wireless traffic. But it's really your prerogative.

In theory, filtering outbound is terrific because it allows great control both in and out of the network, and in the event of malware infections (depending on the type) inside the network, filtering outbound traffic can prohibit these infections from sending outbound for remote transmission, data leeching, remote control, etc., as they typically use ports that are not typically used to do so.

Let me know if you have any other questions!
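
An added example, not part of the original post and not tied to any firewall vendor: before enforcing outbound rules, the shakeout period mentioned above can be shortened by replaying logged outbound flows against the planned per-zone allowlist to see what a default-deny policy would block. The zone names, subnets, allowed ports and flow lines are all constructed assumptions.

```python
import ipaddress
from collections import Counter

# Assumed zones/subnets (constructed for this example).
ZONES = {
    "lan": ipaddress.ip_network("10.0.10.0/24"),
    "wlan-laptops": ipaddress.ip_network("10.0.20.0/24"),
    "wlan-mobile": ipaddress.ip_network("10.0.30.0/24"),
}
# Assumed per-zone egress allowlist (proto, dst port); all else is denied.
EGRESS_ALLOW = {
    "lan": {("tcp", 80), ("tcp", 443), ("udp", 53), ("udp", 123), ("tcp", 587)},
    "wlan-laptops": {("tcp", 80), ("tcp", 443), ("udp", 53)},
    "wlan-mobile": {("tcp", 443), ("udp", 53)},
}
# Constructed flow log: "src_ip dst_ip proto dst_port"
SAMPLE_FLOWS = """\
10.0.10.15 198.51.100.20 tcp 443
10.0.10.15 198.51.100.7 tcp 25
10.0.20.8 203.0.113.50 tcp 6667
10.0.30.4 203.0.113.9 tcp 443
10.0.30.4 203.0.113.9 tcp 80
10.0.10.22 198.51.100.7 tcp 25
192.168.99.3 203.0.113.9 tcp 443
"""

def zone_of(ip):
    """Return the zone name whose subnet contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    return next((z for z, net in ZONES.items() if addr in net), None)

def audit(flow_text):
    """Count would-be-denied flows, keyed by (zone, proto, dst_port)."""
    denied = Counter()
    for line in flow_text.splitlines():
        if not line.strip():
            continue
        src, _dst, proto, port = line.split()
        zone = zone_of(src)
        rule = (proto.lower(), int(port))
        # Sources outside every known zone are denied and reported as "unknown".
        if zone is None or rule not in EGRESS_ALLOW[zone]:
            denied[(zone or "unknown", *rule)] += 1
    return denied

if __name__ == "__main__":
    for (zone, proto, port), n in audit(SAMPLE_FLOWS).most_common():
        print(f"{zone:13} {proto}/{port:<5} would be blocked x{n}")
```

Repeated hits on one port from one zone, such as direct outbound SMTP from LAN hosts here, are either a legitimate service missing from the allowlist or something to investigate before enforcement.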
stu29 commented:
Best practices for outgoing traffic are usually defined by your internal policies.  That being said, it is normal to control and monitor outgoing traffic.  Think rootkits trying to communicate, rogue SMTP servers, etc.
Blue Street Tech, Last Knights, commented:
Any updates on this?
Are you looking for anything more specific?
BJDalfol9 (Author) commented:
Thanks Guys! This is everything I needed/wanted to know. Just still new to the whole network security stuff and wanted to make sure I was doing right by my clients. Thanks for all your help and advice! :)

Blue Street Tech, Last Knights, commented:
My pleasure!  I'm glad I could help and thanks for the points.
Question has a verified solution.
