Locking Down Access Rules
Access Rules are a ruleset within NG Firewall to allow or block traffic specifically destined to the NG Firewall itself. They are located at Config > Network > Advanced > Access Rules.
We discourage the creation of rules here as they can be a huge security risk, specifically if the NG Firewall is your gateway device. The default rules cannot be modified in any way, and we encourage users to disable Allowing SSH & Allowing HTTPS on WANs for tighter security.
However, there are some scenarios where it may be necessary to create rule(s) to allow traffic to the NG Firewall , such as with remote SMTP servers. In these cases, we highly recommend configuring the rules to be as strict as possible, which would include adding a condition such as Source Address which will not allow anything other than the specific network, and specifying only the remote network that needs to access the NGFW via that protocol.
Please sign in to leave a comment.