topic Re: Fresh from scratch firewall config in General Topics

Fresh from scratch firewall config

Johndbabio1 — Mon, 08 Feb 2021 21:12:33 GMT

So i can't find much on what rule of thumb to follow. If you know what applications you want to be allowed, should you start with the level4 version of the rule using just a port and then migrate to app based rule? Once app id identifies it properly migrate using best practices? Do you start off with the app id version of the firewall rule right away?

Re: Fresh from scratch firewall config

JoergSchuetter — Mon, 08 Feb 2021 21:37:54 GMT

If you are confident the application is correct, why bother with the port based rule?

If you are not so confident, use both. Application rule comes first, port based rule below. If the application rule didn't match (for whatever reason), the fallback rule based on the port will catch the traffic. The identified application on the port rule can be used to fine-tune the application rule above.

Re: Fresh from scratch firewall config

Saurabh-Bhansali — Tue, 09 Feb 2021 01:57:42 GMT

It is always a best practice to create a standard URL filtering profile that blocks unwanted URL categories based upon organization's requirement. Attach that filtering profile with the Firewall policies created along with other content ID profiles, in addition to the policies created with App-based and port-based.

Re: Fresh from scratch firewall config

jimzam — Mon, 27 Dec 2021 17:57:15 GMT

Hi there,
If you are confident the application is correct, why bother with the port based rule?
If you are not so confident, use both. Application rule comes first, port based rule below. If the application rule didn't match (for whatever reason), the fallback rule based on the port will catch the traffic. The identified application on the port rule can be used to fine-tune the application rule above.
All the best!