Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Firewall Stateful inspection questions

Posted on 2014-10-23
4
177 Views
Last Modified: 2014-11-09
I am a system administration and would like to know some concept about Firewall Stateful inspection. We will create a firewall rule e.g.

Source IP      port              Destination IP     Port
1.2.3.4           any                5..6.7.8                 1433     (e.g. for SQL server)

1) When I submit the following firewall rule to our network department, do I need to submit any rule for the packet to coming back to the source ip (i.e. 1.2.3.4) assuming that a stateful firewall is between the two hosts ?

2) Another question is that if we submit the firewall rule update as below related to ICMP and UDP do I need to submit any rule for the packet to coming back to the source ip (i.e. 1.2.3.4) still assuming stateful firewall is between the two hosts as I know ICMP and UDP are stateless protocol ?

Source IP      port              Destination IP     Protocol
1.2.3.4           any                5..6.7.8                     ICMP or UDP

Thank you so much for your technical view in advance.

Patrick
0
Comment
Question by:patricktam
4 Comments
 
LVL 17

Expert Comment

by:Garry-G
ID: 40401951
Normally, a stateful firewall should automatically allow returning packets. That's the main "win" over a regular stateless packet inspection.

As for ICMP and UDP, as the connections aren't stateful as such, some firewalls might not permit returning packets (though this ought to be rare nowadays). Just try it ... Anyway, as for ICMP, please remember that you want to at least permit incoming control packages (like "needs fragmentation") to avoid problems with other types of transfer.
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 40401956
No you don't. That is the stateful part, the connection state becomes open with a session, and then stays open for those two hosts for that session. After the firewall checks it's rules, and the traffic is allowed, there is session data in the connection that it keeps track of. Traffic will return the same path it was started from. If the host you created a connection to, tried to create a different connection to you, it would(should) fail. Number one it will probably be against the firewall access list, and second to that, it won't have the same session information the firewall knows it can allow. Connections from inside the firewall, are typically allowed out the firewall, but connections INITIATED from outside are typically blocked. It's the initiation that makes the most difference.
http://en.wikipedia.org/wiki/Stateful_firewall
-rich
0
 
LVL 39

Accepted Solution

by:
Aaron Tomosky earned 500 total points
ID: 40402086
I'd suggest adding tcp to your port request as some requests will be for udp.
0
 

Author Closing Comment

by:patricktam
ID: 40431100
Thank you all of you for the great advice.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Setup another VLAN on Fortigate 3 30
Failover VPN Question Sonicwall 5 48
how to determine subnet mask? 11 40
How to append an output to existing file with DOS and IPerf 2 35
When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
For many of us, the  holiday season kindles the natural urge to give back to our friends, family members and communities. While it's easy for friends to notice the impact of such deeds, understanding the contributions of businesses and enterprises i…
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question