Concerns with Firewall Learning Mode and IP Restrictions


When I enable learning mode in the firewall, it primarily adds a rule with the application selected and often sets other parameters to "any". Occasionally, it will select a specific destination port if it's a single port rather than multiple ports. This raises the question: why doesn't the firewall also select the source IP to minimize the attack surface?

For instance, if only one IP address is meant to connect to RDP on a server, why doesn't the firewall restrict the rule to only allow that specific IP? This approach would significantly enhance security by limiting access to only known and trusted IP addresses.


Marcos (Administrators) replied:

I reckon that holds true only for outbound communication. Otherwise the firewall would have to create as many rules as the IP addresses of domains that the user connects to when browsing the Internet which would be a mess with a negative effect on performance too.


1 hour ago, Marcos said:

I reckon that holds true only for outbound communication. Otherwise the firewall would have to create as many rules as the IP addresses of domains that the user connects to when browsing the Internet which would be a mess with a negative effect on performance too.

For inbound connections, specifying source IPs can significantly reduce the attack surface without the same performance concerns. For example, if only one IP address needs to connect to RDP on a server, the firewall should ideally restrict the rule to only allow that IP. This practice enhances security by ensuring only authorized sources can initiate connections to critical services.

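The two rule shapes discussed in this thread (the "application plus any source" rule that learning mode produces, and the inbound RDP rule scoped to a single known source) can be shown side by side with a scriptable host firewall. The following is an added example, not code from the thread's participants and not ESET's product configuration; it uses the built-in Windows Defender Firewall NetSecurity cmdlets because they are easy to script, and the same scoping idea applies to whichever firewall enforces the rule. The rule display names and the management host address 203.0.113.10 are assumptions. The audit function at the end goes a little beyond the thread by listing every enabled inbound allow rule that still opens TCP/3389 to any remote address, which is exactly the broad shape the original poster objects to.

```powershell
# Added example (not ESET's or the thread author's code). Assumes Windows Defender
# Firewall with the NetSecurity module; 203.0.113.10 is an assumed management host.

# 1. The shape a learning-mode rule tends to have: port fixed, remote address left as Any.
#    Created disabled here purely for comparison; any host that can route to this server
#    could otherwise attempt RDP logons through it.
New-NetFirewallRule -DisplayName 'RDP-In (any source)' `
    -Direction Inbound -Action Allow -Protocol TCP -LocalPort 3389 `
    -RemoteAddress Any -Profile Domain,Private -Enabled False

# 2. The same rule restricted to the one host that is supposed to reach RDP.
#    -RemoteAddress also accepts CIDR blocks (203.0.113.0/24), ranges
#    (10.0.0.1-10.0.0.20) and keywords such as LocalSubnet.
New-NetFirewallRule -DisplayName 'RDP-In (management host only)' `
    -Direction Inbound -Action Allow -Protocol TCP -LocalPort 3389 `
    -RemoteAddress 203.0.113.10 -Profile Domain,Private -Enabled True

# 3. Audit: enabled inbound Allow rules that expose TCP/3389 to any remote address.
#    A rule with LocalPort 'Any' is included because it covers 3389 as well.
function Get-WideOpenRdpRules {
    Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
        Where-Object {
            $port = $_ | Get-NetFirewallPortFilter
            $addr = $_ | Get-NetFirewallAddressFilter
            $port.Protocol -eq 'TCP' -and
            ($port.LocalPort -contains '3389' -or $port.LocalPort -eq 'Any') -and
            $addr.RemoteAddress -eq 'Any'
        } |
        Select-Object DisplayName, Profile, Group
}

Get-WideOpenRdpRules | Format-Table -AutoSize

# Remove the comparison rule once the difference has been inspected.
Remove-NetFirewallRule -DisplayName 'RDP-In (any source)'
```

Run the audit after enabling any learning-mode style rule set: each rule it lists is one where the source address still needs to be narrowed by hand, which is the manual step the thread argues the learning mode could do itself for inbound rules.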
